Riskware.Istealer - Malwarebytes unable to remove.


  • This topic is locked
25 replies to this topic

#1 David...

  • Members
  • 111 posts

Posted 08 January 2016 - 11:06 AM

Good Morning.
 
Any assistance would be greatly appreciated.
Windows 10 user.
 
 
1. Riskware.Istealer continues to be detected by the professional version of Malwarebytes, which quarantines the file.
But the file is never actually removed.
 
 
2. My computer has made many attempts to install
"TAP Provider V9 for Private Tunnel Network"
- I have declined 10 times, to no avail.
 
I do not use VPN.
 
After researching this further, using "IPCONFIG" I have found two (2) separate tunnel adapters "TAP" & "TEREDO".
 
After further research, I uninstalled and disabled the two (2) additional network adapters in Device Manager and restarted the computer.
Each time, they reappeared...Attempted three (3) times.
 
 
3. Word documents NOT functioning properly, all of a sudden.
One example: CV bullets disappear, change orientation... I am not adjusting anything, merely changing the title for the position applied for.
 
 
4. RKill software, for the first time, found something wrong...
 
Checking Windows Service Integrity: 
 
 * fcvsc [Missing Service]
 * HyperVideo [Missing Service]
 * netvsc [Missing Service]
 * wfpcapture [Missing Service]
 
 * CompositeBus => \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys [Incorrect ImagePath]
 * NgcSvc => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted [Incorrect ImagePath]
 * swenum => \SystemRoot\System32\drivers\swenum.sys [Incorrect ImagePath]
 
 
 
This is way over my head...
Any assistance you can provide - would be greatly appreciated.
 
 
Attempted some of the software promoted by Bleeping Computer:
RKill, JRT, RogueKiller, AdwCleaner, TDSSKiller, Malwarebytes.
 
Please help...
David


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
Ran by D Palmer (administrator) on DAVID-LAPTOP (08-01-2016 11:48:42)
Running from C:\Users\D Palmer\Downloads
Loaded Profiles: D Palmer (Available Profiles: David & Nadia & D Palmer)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-09-30] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WNDA3100v3] => C:\Program Files (x86)\NETGEAR\WNDA3100v3\WNDA3100v3.EXE [6243040 2015-01-15] (NETGEAR)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-06-26] (Apple Inc.)
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\Run: [GoogleChromeAutoLaunch_EF085571F10D50D7A85F41A90AA9CC20] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-10] (Google Inc.)
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-01] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2b4b8b59-f082-4ca2-bda3-9aa0b7e02edd}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3a572ab1-cff6-427b-a547-2bd42fe237b3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6c2b2513-d100-450b-81d4-82aa8746dafe}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-12-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-12-04] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2015-12-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-28] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2015-12-04] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-28] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-04] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-12-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-3077098461-1490948580-1842899254-1010: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\D Palmer\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\D Palmer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\D Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-14]
CHR Extension: (Google Docs) - C:\Users\D Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-14]
CHR Extension: (Google Drive) - C:\Users\D Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Hootsuite Hootlet) - C:\Users\D Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2015-12-17]
CHR Extension: (YouTube) - C:\Users\D Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-14]
CHR Extension: (Google Search) - C:\Users\D Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Post To Tumblr) - C:\Users\D Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbpicbbcpanckagpdjflgojlknomoiah [2015-12-11]
CHR Extension: (Full Page Screen Capture) - C:\Users\D Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2015-11-06]
CHR Extension: (Google Sheets) - C:\Users\D Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-14]
CHR Extension: (iCloud Bookmarks) - C:\Users\D Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-11-06]
CHR Extension: (Google Docs Offline) - C:\Users\D Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Post to Tumblr) - C:\Users\D Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkpjkniknhaojcebeaallaglkmhlcno [2015-12-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\D Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-14]
CHR Extension: (Buffer) - C:\Users\D Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2015-11-27]
CHR Extension: (Gmail) - C:\Users\D Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2748600 2015-12-04] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-09-30] (Synaptics Incorporated)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [316128 2014-12-23] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4332720 2015-11-02] (Qualcomm Atheros Communications, Inc.)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-11-18] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-08] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-09-30] (Intel Corporation)
S3 NPF; C:\Windows\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 RimVSerPort; C:\Windows\System32\drivers\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [42184 2015-09-30] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-09-30] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2015-12-28] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-08 11:48 - 2016-01-08 11:49 - 00018177 _____ C:\Users\D Palmer\Downloads\FRST.txt
2016-01-08 11:47 - 2016-01-08 11:48 - 02370560 _____ (Farbar) C:\Users\D Palmer\Downloads\FRST64.exe
2016-01-08 10:59 - 2016-01-08 11:03 - 00002854 _____ C:\Users\D Palmer\Desktop\Rkill.txt
2016-01-08 10:22 - 2016-01-08 10:22 - 00000000 ____D C:\Users\D Palmer\AppData\Roaming\SUPERAntiSpyware.com
2016-01-08 10:21 - 2016-01-08 10:22 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-01-08 10:21 - 2016-01-08 10:21 - 00001860 _____ C:\Users\D Palmer\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-01-08 10:21 - 2016-01-08 10:21 - 00000000 ____D C:\Users\D Palmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-01-08 10:21 - 2016-01-08 10:21 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-01-08 10:19 - 2016-01-08 10:20 - 24377856 _____ (SUPERAntiSpyware) C:\Users\D Palmer\Downloads\SUPERAntiSpyware.exe
2016-01-08 08:27 - 2016-01-08 08:27 - 01749504 _____ C:\Users\D Palmer\Downloads\AdwCleaner.exe
2016-01-07 10:11 - 2016-01-07 10:11 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\D Palmer\Downloads\rkill (1).exe
2016-01-07 10:05 - 2016-01-07 10:05 - 01599336 _____ (Malwarebytes) C:\Users\D Palmer\Downloads\JRT (1).exe
2016-01-04 11:05 - 2016-01-04 11:05 - 00561500 _____ C:\Users\D Palmer\Downloads\vision21-1587402168.pdf
2015-12-28 20:12 - 2015-12-28 20:12 - 00000000 ____D C:\Users\Nadia\AppData\Roaming\Sun
2015-12-28 20:12 - 2015-12-28 20:12 - 00000000 ____D C:\Users\Nadia\AppData\LocalLow\Sun
2015-12-28 20:11 - 2015-12-28 20:12 - 00000000 ____D C:\ProgramData\Oracle
2015-12-28 20:11 - 2015-12-28 20:11 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-12-28 20:11 - 2015-12-28 20:11 - 00000000 ____D C:\Users\Nadia\.oracle_jre_usage
2015-12-28 20:11 - 2015-12-28 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-28 20:11 - 2015-12-28 20:11 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-28 20:09 - 2015-12-28 20:09 - 00584288 _____ (Oracle Corporation) C:\Users\Nadia\Downloads\JavaSetup8u66.exe
2015-12-28 20:09 - 2015-12-28 20:09 - 00000000 ____D C:\Users\Nadia\AppData\LocalLow\Oracle
2015-12-28 19:21 - 2015-12-28 19:23 - 00003252 _____ C:\Users\Nadia\Desktop\Rkill.txt
2015-12-28 19:12 - 2015-12-28 19:13 - 00255236 _____ C:\TDSSKiller.3.1.0.9_28.12.2015_19.12.07_log.txt
2015-12-28 18:50 - 2015-12-28 18:50 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-12-28 18:49 - 2015-12-28 20:04 - 00156966 _____ C:\WINDOWS\ntbtlog.txt
2015-12-28 18:44 - 2015-12-28 18:44 - 00000000 ____D C:\Users\Nadia\Doctor Web
2015-12-28 18:41 - 2015-12-28 18:43 - 179917560 _____ C:\Users\Nadia\Desktop\0xys9xaf.exe
2015-12-28 18:38 - 2015-12-28 18:38 - 00000554 _____ C:\Users\Nadia\Desktop\JRT.txt
2015-12-28 18:35 - 2015-12-28 18:35 - 01599336 _____ (Malwarebytes) C:\Users\Nadia\Downloads\JRT (1).exe
2015-12-28 18:18 - 2015-12-28 18:19 - 01599336 _____ (Malwarebytes) C:\Users\Nadia\Downloads\JRT.exe
2015-12-28 18:14 - 2016-01-08 08:27 - 00000000 ____D C:\AdwCleaner
2015-12-28 18:13 - 2015-12-28 18:13 - 01743360 _____ C:\Users\Nadia\Downloads\AdwCleaner.exe
2015-12-28 18:04 - 2015-12-28 18:05 - 00037472 _____ C:\Users\Nadia\Downloads\Addition.txt
2015-12-28 18:03 - 2015-12-28 18:05 - 00057623 _____ C:\Users\Nadia\Downloads\FRST.txt
2015-12-28 18:01 - 2016-01-08 11:48 - 00000000 ____D C:\FRST
2015-12-28 18:01 - 2015-12-28 18:01 - 02370560 _____ (Farbar) C:\Users\Nadia\Downloads\FRST64.exe
2015-12-28 17:33 - 2015-12-06 23:03 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-28 17:33 - 2015-12-06 22:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-28 17:33 - 2015-12-06 22:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-28 17:32 - 2015-12-06 23:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-28 17:32 - 2015-12-06 23:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-28 17:32 - 2015-12-06 23:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-28 17:32 - 2015-12-06 23:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-28 17:32 - 2015-12-06 23:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-28 17:32 - 2015-12-06 23:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-28 17:32 - 2015-12-06 23:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-28 17:32 - 2015-12-06 23:47 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-28 17:32 - 2015-12-06 23:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-28 17:32 - 2015-12-06 23:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-28 17:32 - 2015-12-06 23:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-28 17:32 - 2015-12-06 23:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-28 17:32 - 2015-12-06 23:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-28 17:32 - 2015-12-06 23:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-28 17:32 - 2015-12-06 23:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-28 17:32 - 2015-12-06 23:07 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-28 17:32 - 2015-12-06 23:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-28 17:32 - 2015-12-06 23:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-28 17:32 - 2015-12-06 23:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-28 17:32 - 2015-12-06 23:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-28 17:32 - 2015-12-06 23:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-28 17:32 - 2015-12-06 23:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-28 17:32 - 2015-12-06 23:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-28 17:32 - 2015-12-06 23:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-28 17:32 - 2015-12-06 23:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-28 17:32 - 2015-12-06 23:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-28 17:32 - 2015-12-06 23:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-28 17:32 - 2015-12-06 23:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-28 17:32 - 2015-12-06 23:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-28 17:32 - 2015-12-06 23:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-28 17:32 - 2015-12-06 22:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-28 17:32 - 2015-12-06 22:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-28 17:32 - 2015-12-06 22:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-28 17:32 - 2015-12-06 22:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-28 17:32 - 2015-12-06 22:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-28 17:32 - 2015-12-06 22:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-28 17:32 - 2015-12-06 22:57 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2015-12-28 17:32 - 2015-12-06 22:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-28 17:32 - 2015-12-06 22:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-28 17:32 - 2015-12-06 22:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-28 17:32 - 2015-12-06 22:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-28 17:32 - 2015-12-06 22:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-28 17:32 - 2015-12-06 22:54 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-28 17:32 - 2015-12-06 22:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-28 17:32 - 2015-12-06 22:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-28 17:32 - 2015-12-06 22:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-28 17:32 - 2015-12-06 22:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-28 17:32 - 2015-12-06 22:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-28 17:32 - 2015-12-06 22:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-12-28 17:32 - 2015-12-06 22:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-28 17:32 - 2015-12-06 22:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-28 17:32 - 2015-12-06 22:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-28 17:32 - 2015-12-06 22:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-28 17:32 - 2015-12-06 22:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-28 17:32 - 2015-12-06 22:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-28 17:32 - 2015-12-06 22:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-28 17:32 - 2015-12-06 22:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-28 17:32 - 2015-12-06 22:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-28 17:32 - 2015-12-06 22:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-28 17:32 - 2015-12-06 22:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-28 17:32 - 2015-12-06 22:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-28 17:32 - 2015-12-06 22:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-28 17:32 - 2015-12-06 22:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-28 17:31 - 2015-12-06 23:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-28 17:31 - 2015-12-06 23:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-28 17:31 - 2015-12-06 23:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-28 17:31 - 2015-12-06 23:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-28 17:31 - 2015-12-06 23:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-28 17:31 - 2015-12-06 22:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-28 17:31 - 2015-12-06 22:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-28 13:07 - 2015-12-28 13:07 - 00000000 ____D C:\Program Files (x86)\ESET
2015-12-28 13:04 - 2015-12-28 13:04 - 00000000 ____D C:\Users\Nadia\AppData\Roaming\Macromedia
2015-12-28 12:57 - 2015-12-28 20:15 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5B3095DF-304C-40FA-8B7E-DB6D8DF0553A}
2015-12-28 12:57 - 2015-12-28 12:57 - 00102400 _____ C:\Users\Nadia\Documents\EasyBCD Backup (2015-12-28).bcd
2015-12-28 12:43 - 2015-12-28 12:43 - 00000000 ____D C:\Users\Nadia\AppData\Local\PeerDistRepub
2015-12-28 12:19 - 2015-12-28 12:19 - 00079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\dvqpqbkh.sys
2015-12-28 11:59 - 2015-12-28 17:54 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-28 11:36 - 2014-05-24 19:36 - 00015360 _____ C:\WINDOWS\system32\SppExtComObjHook.dll
2015-12-28 11:36 - 2014-05-24 19:36 - 00004608 _____ C:\WINDOWS\system32\SppExtComObjPatcher.exe
2015-12-28 11:29 - 2015-12-28 11:32 - 00262718 _____ C:\TDSSKiller.3.1.0.9_28.12.2015_11.29.48_log.txt
2015-12-28 11:28 - 2015-12-28 11:28 - 00000364 _____ C:\TDSSKiller.3.1.0.5_28.12.2015_11.28.00_log.txt
2015-12-28 11:25 - 2016-01-08 09:59 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-12-28 11:25 - 2015-12-28 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-12-28 11:25 - 2015-12-28 11:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-12-28 11:08 - 2015-12-28 19:29 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-28 11:08 - 2015-12-28 11:08 - 00001186 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-28 11:08 - 2015-12-28 11:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-28 11:08 - 2015-12-28 11:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-28 11:08 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-28 11:08 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-28 10:54 - 2015-12-28 13:02 - 00000000 ____D C:\Users\Nadia\AppData\Local\CrashDumps
2015-12-18 10:18 - 2015-12-18 10:19 - 00252852 _____ C:\TDSSKiller.3.1.0.5_18.12.2015_10.18.37_log.txt
2015-12-17 11:13 - 2015-12-17 11:13 - 00000000 ___RD C:\Users\D Palmer\Documents\RocketLifeNetwork
2015-12-17 11:11 - 2016-01-08 11:25 - 00000482 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2015-12-17 11:11 - 2015-12-17 11:13 - 00003576 _____ C:\WINDOWS\System32\Tasks\HP Photo Creations Communicator
2015-12-17 11:11 - 2015-12-17 11:13 - 00002048 _____ C:\Users\D Palmer\Desktop\HP Photo Creations.lnk
2015-12-17 11:11 - 2015-12-17 11:13 - 00000000 ____D C:\Users\D Palmer\AppData\Roaming\Visan
2015-12-17 11:11 - 2015-12-17 11:13 - 00000000 ____D C:\Users\D Palmer\AppData\Roaming\HP Photo Creations
2015-12-17 11:11 - 2015-12-17 11:11 - 00000000 ____D C:\Users\D Palmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2015-12-14 09:01 - 2015-12-14 09:01 - 00001833 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-12-14 09:01 - 2015-12-14 09:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-12-14 09:00 - 2015-12-14 09:01 - 00000000 ____D C:\Program Files\iTunes
2015-12-14 09:00 - 2015-12-14 09:00 - 00000000 ____D C:\Program Files\iPod
2015-12-14 09:00 - 2015-12-14 09:00 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-12-14 08:52 - 2015-12-14 08:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-12-14 08:51 - 2015-12-14 08:51 - 00001925 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-12-14 08:51 - 2015-12-14 08:51 - 00000000 ____D C:\Users\D Palmer\AppData\LocalLow\Apple Computer
2015-12-14 08:51 - 2015-12-14 08:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-12-14 08:51 - 2015-12-14 08:51 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-12-11 22:50 - 2015-12-28 11:29 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Nadia\Downloads\TDSSKiller.exe
2015-12-11 16:17 - 2015-12-11 16:17 - 01532001 _____ C:\Users\D Palmer\Downloads\metrologyandgeometricdimensioningandtolerancing-140519071212-phpapp02.pdf
2015-12-11 10:44 - 2015-12-11 10:44 - 00000000 ____D C:\Users\D Palmer\Documents\Custom Office Templates
2015-12-11 10:41 - 2015-12-11 10:41 - 00001205 _____ C:\Users\D Palmer\Desktop\Resume.lnk
2015-12-11 10:41 - 2015-12-11 10:41 - 00001177 _____ C:\Users\D Palmer\Desktop\Cover Letter.lnk
2015-12-10 23:30 - 2015-12-01 02:12 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-10 23:30 - 2015-11-24 07:07 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-10 23:30 - 2015-11-24 06:06 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-10 23:30 - 2015-11-24 05:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-10 23:30 - 2015-11-24 05:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-10 23:30 - 2015-11-24 04:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-10 23:30 - 2015-11-24 04:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-10 23:30 - 2015-11-24 04:45 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-10 23:30 - 2015-11-24 04:37 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-10 23:30 - 2015-11-24 04:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-10 23:30 - 2015-11-24 04:19 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-10 23:30 - 2015-11-24 04:12 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-10 23:30 - 2015-11-24 03:58 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-10 23:30 - 2015-11-24 03:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-10 23:30 - 2015-11-24 03:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-10 23:30 - 2015-11-24 03:52 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-10 23:30 - 2015-11-24 03:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-10 23:30 - 2015-11-24 03:14 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-10 23:30 - 2015-11-24 03:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-10 23:30 - 2015-11-24 02:59 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-10 23:30 - 2015-11-24 02:57 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-10 23:30 - 2015-11-24 02:35 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-10 23:30 - 2015-11-24 02:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-10 23:30 - 2015-11-24 02:23 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-10 23:30 - 2015-11-24 02:11 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-10 23:30 - 2015-11-24 02:08 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-10 23:30 - 2015-11-24 02:04 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-10 23:19 - 2015-12-10 23:19 - 00000000 _____ C:\Users\D Palmer\Desktop\New Text Document (2).txt
2015-12-10 23:09 - 2015-12-10 23:09 - 00302011 _____ C:\Users\D Palmer\Downloads\WindowsUpdateDiagnostic.diagcab
2015-12-10 23:04 - 2015-12-10 23:04 - 00000000 ____D C:\Users\D Palmer\AppData\LocalLow\Temp
2015-12-10 21:53 - 2015-12-10 22:57 - 00000000 ____D C:\Users\D Palmer\3D Objects
2015-12-10 21:01 - 2015-12-10 23:11 - 00000000 ____D C:\Users\D Palmer\AppData\Local\ElevatedDiagnostics

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-08 11:39 - 2015-10-07 09:35 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-08 11:21 - 2015-10-14 20:08 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-08 10:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-08 10:04 - 2015-10-14 13:02 - 00000000 ____D C:\ProgramData\KMSAutoS
2016-01-08 10:03 - 2015-10-30 01:28 - 00000000 ____D C:\Windows
2016-01-08 08:28 - 2015-10-08 10:08 - 00004180 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{297ABD72-3527-4B29-B5F6-FBF5D2C1CCCD}
2016-01-08 08:21 - 2015-10-14 20:08 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-08 08:21 - 2015-10-01 15:03 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2016-01-08 08:20 - 2015-11-27 16:20 - 00000000 ____D C:\Users\D Palmer
2016-01-08 08:19 - 2015-11-27 16:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-08 08:19 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-01-08 08:18 - 2015-10-30 01:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-01-07 15:07 - 2015-10-07 14:16 - 00000000 ____D C:\Users\D Palmer\AppData\Local\Packages
2016-01-07 10:08 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-07 10:07 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-07 09:54 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-28 21:13 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-28 21:13 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-28 21:13 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2015-12-28 21:12 - 2015-11-27 16:20 - 00000000 ____D C:\Users\Nadia
2015-12-28 20:14 - 2015-12-01 14:34 - 00000000 ____D C:\Users\Nadia\AppData\Local\Google
2015-12-28 20:04 - 2015-10-07 09:35 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-28 19:13 - 2015-10-07 07:13 - 00030848 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-12-28 17:24 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2015-12-28 17:24 - 2015-10-01 14:29 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-28 13:03 - 2015-12-01 10:19 - 00000000 ____D C:\ProgramData\Skype
2015-12-28 12:50 - 2015-10-06 16:00 - 00000000 ____D C:\Users\Nadia\AppData\Local\MicrosoftEdge
2015-12-28 12:19 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-12-28 11:24 - 2015-12-08 11:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-12-28 11:24 - 2015-12-08 11:01 - 00000000 ____D C:\Program Files\RogueKiller
2015-12-28 11:23 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-28 11:19 - 2015-10-14 12:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-28 11:18 - 2014-09-05 21:18 - 00000000 ____D C:\Bleeping Computer
2015-12-28 11:03 - 2015-10-01 21:25 - 00000000 ____D C:\Users\Nadia\AppData\Roaming\Apple Computer
2015-12-28 10:51 - 2015-10-01 21:26 - 00002378 _____ C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-28 10:51 - 2014-12-17 17:20 - 00000000 __RDO C:\Users\Nadia\OneDrive
2015-12-18 10:27 - 2015-10-14 14:09 - 00000000 ____D C:\Users\D Palmer\AppData\Local\Apple Computer
2015-12-17 16:59 - 2015-11-09 11:57 - 00000000 ___RD C:\Users\D Palmer\iCloudDrive
2015-12-17 16:58 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-17 11:51 - 2015-10-14 13:20 - 00001129 _____ C:\Users\D Palmer\Desktop\WD My Cloud.lnk
2015-12-17 11:30 - 2015-10-14 20:09 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-17 11:10 - 2015-10-20 14:59 - 00000000 ____D C:\ProgramData\HP Photo Creations
2015-12-16 09:40 - 2015-12-02 22:27 - 00000000 ____D C:\Users\D Palmer\AppData\Local\Windows Live
2015-12-14 09:00 - 2015-10-14 14:05 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-12 03:35 - 2015-11-27 16:11 - 00334416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-12 03:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-11 08:30 - 2015-10-27 20:22 - 00000000 ____D C:\Users\D Palmer\Documents\Twitter
2015-12-10 23:41 - 2015-10-17 18:04 - 00000000 ____D C:\Users\D Palmer\AppData\Local\CrashDumps
2015-12-10 23:21 - 2015-09-10 00:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-10 22:58 - 2015-11-27 16:20 - 00000000 ____D C:\Users\David
2015-12-10 22:58 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2015-12-10 22:58 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2015-12-10 22:58 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\spool
2015-12-10 22:58 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2015-12-10 22:58 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-12-10 22:58 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-10 22:57 - 2015-10-14 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-10 22:56 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\catroot2old
2015-12-10 22:48 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\registration
2015-12-10 22:12 - 2015-10-07 07:48 - 00000000 ____D C:\Users\D Palmer\Documents\Ava Stuff
2015-12-10 20:47 - 2015-10-07 08:15 - 00000000 ____D C:\Users\D Palmer\Documents\PEO
2015-12-10 15:20 - 2015-10-07 07:39 - 00000000 ____D C:\Users\D Palmer\Documents\!CONFIRMATION Forms
2015-12-10 15:17 - 2015-11-06 09:55 - 00000359 _____ C:\Users\D Palmer\Desktop\REcruiters.txt
2015-12-09 13:09 - 2015-10-01 19:50 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 13:00 - 2015-10-01 19:50 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2015-10-20 14:58 - 2015-10-20 14:58 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\D Palmer\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Nadia\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Nadia\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-07 11:18

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Ran by D Palmer (2016-01-08 11:50:30)
Running from C:\Users\D Palmer\Downloads
Windows 10 Pro (X64) (2015-11-27 21:49:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3077098461-1490948580-1842899254-500 - Administrator - Disabled)
avaol (S-1-5-21-3077098461-1490948580-1842899254-1012 - Limited - Disabled)
David (S-1-5-21-3077098461-1490948580-1842899254-1001 - Administrator - Enabled) => C:\Users\David
D Palmer (S-1-5-21-3077098461-1490948580-1842899254-1010 - Administrator - Enabled) => C:\Users\D Palmer
DefaultAccount (S-1-5-21-3077098461-1490948580-1842899254-503 - Limited - Disabled)
Guest (S-1-5-21-3077098461-1490948580-1842899254-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3077098461-1490948580-1842899254-1006 - Limited - Enabled)
Nadia (S-1-5-21-3077098461-1490948580-1842899254-1004 - Administrator - Enabled) => C:\Users\Nadia

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photo Creations (HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\HP Photo Creations) (Version: 1.0.0.19522 - HP)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.81 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Exploit version 1.8.1.1045 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1045 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.6366.2036 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NETGEAR WNDA3100v2 wireless USB 2.0 driver (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.2.0.6 - NETGEAR)
NETGEAR WNDA3100v3 (x32 Version: 1.0.0.10 - NETGEAR) Hidden
NETGEAR WNDA3100v3 Genie (HKLM-x32\...\InstallShield_{60C50FCC-545B-4D5D-B0D1-4A773143BCE7}) (Version: 1.0.0.10 - NETGEAR)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
WD My Cloud (HKLM-x32\...\WD My Cloud) (Version: 1.0.2.34 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{5B1CF5E0-D321-4766-AEF1-1E9D1C535A10}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{02FD1EAD-43B8-4D63-AC31-8921005AF2E2}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{979a4332-3eb0-4561-9f74-a4fb871cf2bd}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3077098461-1490948580-1842899254-1010_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\D Palmer\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00FF2D92-0CE2-4CE1-8D7C-B2F813E2228C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-12-04] (Microsoft Corporation)
Task: {0BAA2FEF-65EA-451F-92FE-CD940F3420F4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2015-12-06] (Microsoft Corporation)
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {1975F2AE-6164-4CA0-9F1B-3007C764D663} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2015-12-06] (Microsoft Corporation)
Task: {1F5C77A5-E59A-4948-A8A6-693846B8F77B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-14] (Google Inc.)
Task: {1FE4E819-D86D-4E61-B659-9A6FB91FCE24} - System32\Tasks\HP Photo Creations Communicator => C:\Users\D Palmer\AppData\Roaming\HP Photo Creations\Communicator.exe [2015-12-17] ()
Task: {478C8425-FBB9-46D4-9E31-A76DA521F030} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {54DF31E5-5FC0-477B-9DEB-9BB98382B43E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
Task: {83CA283C-F578-427E-8A39-AB3B21C08129} - System32\Tasks\Western Digital\SmartWare\____Volume_4d76da9e_3d3b_11e4_be66_806e6f6e6963__uuid_73656761_7465_7375_636b_0090a9b87d59_SmartWare_ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-07-20] (Western Digital Technologies, Inc.)
Task: {B8C9477F-AC29-455C-BD00-A2FB3FB1B314} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3077098461-1490948580-1842899254-1001
Task: {C2F4BF32-CF46-4279-9FFF-F9CC6C78C89E} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-08-10] (MSFree Inc.)
Task: {C64585B1-8B25-48C1-89EB-C5212816C3F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-14] (Google Inc.)
Task: {E41D8C40-298D-4E80-8A4E-7A01FB70BDD3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-12-04] (Microsoft Corporation)
Task: {FD24BF9A-9EBA-459B-B76D-6F14BDFE4E26} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Users\D Palmer\AppData\Roaming\HP Photo Creations\Communicator.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-14 12:45 - 2015-12-04 03:52 - 00162472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-11-02 12:06 - 2014-12-23 19:15 - 00316128 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2015-12-02 20:41 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-17 08:38 - 2015-12-17 08:39 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-02 20:41 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-28 11:16 - 2015-12-04 06:52 - 08903848 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-12-28 17:31 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-28 17:31 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-28 17:32 - 2015-12-06 22:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-28 17:32 - 2015-12-06 22:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-28 17:32 - 2015-12-06 22:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-28 17:32 - 2015-12-06 22:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-11-02 12:06 - 2015-03-05 18:22 - 00380928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2015-12-28 11:16 - 2015-12-04 06:17 - 08903848 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2015-12-17 08:38 - 2015-12-17 08:39 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-17 08:38 - 2015-12-17 08:39 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-17 11:29 - 2015-12-10 22:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-17 11:29 - 2015-12-10 22:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2015-10-13 04:46 - 2015-10-13 04:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-10-14 12:47 - 2015-10-14 12:48 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\tmpod.dll
2015-12-28 11:11 - 2015-12-04 06:14 - 01064104 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
2015-12-28 11:16 - 2015-12-28 11:17 - 00452776 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\msfad.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-01 17:42 - 2015-10-01 17:38 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "IntelliPoint"
HKLM\...\StartupApproved\Run32: => "WNDA3100v3"
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{347DD435-1CEB-40EB-A26C-7AB272B66594}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{12349567-908D-4B54-8DAE-2B5483F7254A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F33EEDB9-3C72-4F8A-B7B7-5152749E0F9F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B41229A6-2F19-4AE5-890B-75114C104A60}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2266742A-B04F-4C3A-BE8D-F80933A5369B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CEF9FE7F-0845-4A88-B891-F49AAAEC6153}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{F354FEAB-670D-40F7-B684-5CA119A2257F}] => (Allow) LPort=5357
FirewallRules: [{596D7070-1633-46B0-897D-44B93CE8154F}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{761D9D91-95C7-47C5-8FFA-45D86F17F0C0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FB669B07-6743-44DD-B6F0-F0D097654659}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CAC8E332-B99E-46EF-ACCA-05E028D2600D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CE2107E3-371E-4E96-BDF8-79C6AC9FBC8D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E80537EC-F6C3-45E7-B358-9D4AA9E1687A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{B4B1E7DF-112D-4241-A059-D6DDB3CAB466}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{A150C99A-158F-44F2-8D6B-861D9C44AC56}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{EE991093-5990-4C17-8317-974C044E157A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{B10EE254-4DDA-4CDB-97C0-4EFB0AFB7428}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsSlideShow.exe
FirewallRules: [{B3DA6AAC-7C0F-4332-9267-B40C9B636409}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsSlideShow.exe
FirewallRules: [{C1D1925E-6E3A-41F4-96DF-336717E3E75C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsSlideShow.exe
FirewallRules: [{2C602084-6343-4131-8804-B45D783B1F71}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsSlideShow.exe
FirewallRules: [{4F1AA931-208F-4C3E-ACCC-557BECBDAF73}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe
FirewallRules: [{D54C206C-DDFC-40E7-8F57-AB5F7F24E7F9}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe
FirewallRules: [{50FAFE63-6463-4E84-862F-A0CA0F7D2465}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe
FirewallRules: [{13389FD2-05F8-4C0A-8123-6959ED3CEF1E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe
FirewallRules: [{99D474A0-1AD4-49AB-BD67-A08284556447}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
FirewallRules: [{76AC66B9-197B-4850-8580-5D7F6AAAE741}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
FirewallRules: [{6908CE95-7ABF-4CB2-8307-34DA72B8432B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
FirewallRules: [{31A50970-7968-4127-A84A-F6A83ACC2FD8}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
FirewallRules: [{1A8C1003-E566-4A1E-8043-C1F507A8B284}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
FirewallRules: [{FE01D9BC-B437-4533-A2CB-A761D7217468}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
FirewallRules: [{13C893E6-FAA3-4F5B-842A-7AE469307756}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
FirewallRules: [{A7563588-A7B0-4C59-840F-44E3BA8D90D8}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
FirewallRules: [{B7660C12-F6A2-4657-9B4F-605C284DCD8C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
FirewallRules: [{FD7353E8-1117-4A24-B48F-FF7F1DD961D5}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
FirewallRules: [{93BB0E97-47AF-4C64-9F9A-BFD856CDB540}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
FirewallRules: [{D2EEDE50-299C-4997-A2D8-408F2618A907}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
FirewallRules: [{99EFB491-866A-4381-AA41-16FF782D2A19}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
FirewallRules: [{029ED816-5652-4614-9055-3ED39502D25E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
FirewallRules: [{1634F2FA-536A-46DA-913D-CAAEAA2A93B7}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
FirewallRules: [{A2172E62-4EC0-41E0-B07F-6D4A8A240B70}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
FirewallRules: [{A3F17E8F-B4BC-4B62-BECB-3335A50BC138}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleOutlookDAVConfig.exe
FirewallRules: [{B587558C-2935-43E8-89BA-0CFDEE97BE45}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleOutlookDAVConfig.exe
FirewallRules: [{BA111F67-903C-4DD1-B5B6-47C376AFD9C4}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleOutlookDAVConfig.exe
FirewallRules: [{447CE6DE-3E85-42EC-8ADD-0DF9357A25C5}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleOutlookDAVConfig.exe
FirewallRules: [{807A6173-3BA7-4D41-BCB5-859EE39C2246}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
FirewallRules: [{3B967E66-9381-47DC-B262-B43CDD70FC59}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
FirewallRules: [{1892C3D8-FD68-4497-9EDD-184EC6B25457}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
FirewallRules: [{FCABF5F9-8358-42D9-A5A6-A5015B230732}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
FirewallRules: [{4260CA3F-CD8D-43C6-9D6C-07BFD9E5F30A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe
FirewallRules: [{18CDBDB9-BCE9-4435-A82E-B4A1941AC913}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe
FirewallRules: [{2D174E28-F765-4B3B-BEF9-1327FD41CA08}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe
FirewallRules: [{94BFA386-E97B-4A27-A98E-FD68BF57351E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe
FirewallRules: [{10EA44B2-1DA1-45D4-9C0C-BABBBADAE621}] => (Allow) C:\Program Files\Common Files\Apple\Internet Services\AppleOutlookDAVConfig64.exe
FirewallRules: [{CF2D0BB9-E2E1-4941-B62B-A6CF665904C2}] => (Allow) C:\Program Files\Common Files\Apple\Internet Services\AppleOutlookDAVConfig64.exe
FirewallRules: [{5E854FA4-8D06-4C4E-82C6-6154CE85F4E6}] => (Allow) C:\Program Files\Common Files\Apple\Internet Services\AppleOutlookDAVConfig64.exe
FirewallRules: [{81B870F6-488C-4EDD-B628-32EA1617B5F0}] => (Allow) C:\Program Files\Common Files\Apple\Internet Services\AppleOutlookDAVConfig64.exe
FirewallRules: [{9E6499CA-8ECB-46F6-A212-5DA7E17CA607}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CF310729-E931-4B90-A41A-C35664146319}] => (Allow) LPort=2869
FirewallRules: [{1B5A89A7-65A8-4588-8DEA-154F8242D341}] => (Allow) LPort=1900
FirewallRules: [{4981335F-21B1-4A40-9B1C-D04A2248C455}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{1019F539-885F-49ED-A07E-94BE964A5B42}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6D0D2AC0-C0F1-4485-B91D-BF7BB0BC104D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E2AF232F-C2B0-488E-856C-695841493D04}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{1341C71A-0CB5-4F8E-A04C-57302E51DC90}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8FBE5BBE-38F8-4CB4-8054-DE874E779609}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{98A5B7CF-A2C6-4D24-A927-973AA813A34A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe

==================== Restore Points =========================

10-11-2015 23:11:19 Snagit 12
10-12-2015 22:34:34 Restore Operation
28-12-2015 12:59:38 Removed Skype Click to Call
28-12-2015 18:35:42 JRT Pre-Junkware Removal
07-01-2016 10:05:31 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/08/2016 08:20:54 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (01/08/2016 08:20:51 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (01/08/2016 08:11:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 59214031

Error: (01/08/2016 08:11:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 59214031

Error: (01/08/2016 08:11:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/08/2016 08:11:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 59211766

Error: (01/08/2016 08:11:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 59211766

Error: (01/08/2016 08:11:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/07/2016 02:59:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7103687

Error: (01/07/2016 02:59:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7103687


System errors:
=============
Error: (01/08/2016 10:03:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The KMSEmulator service failed to start due to the following error:
%%1053

Error: (01/08/2016 10:03:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the KMSEmulator service to connect.

Error: (01/08/2016 10:02:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The KMSEmulator service failed to start due to the following error:
%%1053

Error: (01/08/2016 10:02:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the KMSEmulator service to connect.

Error: (01/08/2016 10:01:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The KMSEmulator service failed to start due to the following error:
%%1053

Error: (01/08/2016 10:01:43 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the KMSEmulator service to connect.

Error: (01/08/2016 09:48:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/08/2016 08:19:47 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (01/08/2016 08:18:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_aa25d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/08/2016 08:18:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_aa25d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2016-01-08 11:50:59.461
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-08 11:50:59.450
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-08 08:37:58.191
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-08 08:37:58.180
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-08 08:30:02.599
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-08 08:30:02.460
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-04 11:17:38.689
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-04 11:17:38.668
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-28 21:16:34.170
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-28 11:35:34.343
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 53%
Total physical RAM: 6044.36 MB
Available physical RAM: 2801.76 MB
Total Virtual: 7004.36 MB
Available Virtual: 3630.61 MB

==================== Drives ================================

Drive c: (S3A9767D001) (Fixed) (Total:262.87 GB) (Free:21.27 GB) NTFS
Drive d: (Video) (Fixed) (Total:200.92 GB) (Free:30.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A5DC0937)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=262.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=510 MB) - (Type=27)
Partition 4: (Not Active) - (Size=200.9 GB) - (Type=OF Extended)

==================== End of Addition.txt


Edited by Oh My!, 09 January 2016 - 09:20 AM.



#2 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 38,147 posts
  • Gender:Male
  • Location:California

Posted 09 January 2016 - 09:24 AM

Greetings David and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall Microsoft Office Professional Plus 2016 and all other products for which you do not have a valid Product Key. If you are willing to do that please rerun a FRST scan with Addition.txt and post both logs. If you prefer to leave the programs on your computer let me know that and I will be closing the Topic.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 David...
  • Topic Starter

  • Members
  • 111 posts

Posted 11 January 2016 - 08:49 AM

Thank you Gary,
 
Sorry about the delay... Removing the software is a task.
 
Over 2000 OUTLOOK Contacts and addresses required additional care.
 
Thank you again for your time and response.
 
I have attached the FRST and ADDITION files.
 
 
Can I also add a #5?
My 'RUN' task has not been working as well.
 
WIN key + X
Run
 
I can only access RUN via other routes; figure it's just a Windows error and not anything else?
 
 
 
Anything you can do to help would be appreciated.
David

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
Ran by David J Palmer (administrator) on DAVID-LAPTOP (11-01-2016 08:42:42)
Running from C:\Users\David J Palmer\Downloads
Loaded Profiles: David & Nadia & David J Palmer (Available Profiles: David & Nadia & David J Palmer)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15731.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6525.42271.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6525.42271.0_x64__8wekyb3d8bbwe\HxTsr.exe
(TuneIn) C:\Program Files\WindowsApps\TuneIn.TuneInRadio_3.0.1650.0_x64__6bhtb546zcxnj\TuneIn.exe
(Microsoft Corporation) C:\Windows\System32\Windows.Media.BackgroundPlayback.exe
(Microsoft Corporation) C:\Windows\System32\PickerHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\Temp\ose00000.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.25.5.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-09-30] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WNDA3100v3] => C:\Program Files (x86)\NETGEAR\WNDA3100v3\WNDA3100v3.EXE [6243040 2015-01-15] (NETGEAR)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3077098461-1490948580-1842899254-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-3077098461-1490948580-1842899254-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [805888 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-3077098461-1490948580-1842899254-1004\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3077098461-1490948580-1842899254-1004\...\RunOnce: [Uninstall C:\Users\Nadia\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Nadia\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64"
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-06-26] (Apple Inc.)
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\Run: [GoogleChromeAutoLaunch_EF085571F10D50D7A85F41A90AA9CC20] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-10] (Google Inc.)
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-01] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2b4b8b59-f082-4ca2-bda3-9aa0b7e02edd}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3a572ab1-cff6-427b-a547-2bd42fe237b3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6c2b2513-d100-450b-81d4-82aa8746dafe}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3077098461-1490948580-1842899254-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-3077098461-1490948580-1842899254-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
URLSearchHook: [S-1-5-21-3077098461-1490948580-1842899254-1001_classes] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-3077098461-1490948580-1842899254-1004_classes] ATTENTION => Default URLSearchHook is missing
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-28] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-28] (Oracle Corporation)

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-3077098461-1490948580-1842899254-1010: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\David J Palmer\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\David J Palmer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\David J Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-14]
CHR Extension: (Google Docs) - C:\Users\David J Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-14]
CHR Extension: (Google Drive) - C:\Users\David J Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Hootsuite Hootlet) - C:\Users\David J Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2015-12-17]
CHR Extension: (YouTube) - C:\Users\David J Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-14]
CHR Extension: (Google Search) - C:\Users\David J Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Post To Tumblr) - C:\Users\David J Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbpicbbcpanckagpdjflgojlknomoiah [2015-12-11]
CHR Extension: (Full Page Screen Capture) - C:\Users\David J Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2015-11-06]
CHR Extension: (Google Sheets) - C:\Users\David J Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-14]
CHR Extension: (iCloud Bookmarks) - C:\Users\David J Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-11-06]
CHR Extension: (Google Docs Offline) - C:\Users\David J Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Post to Tumblr) - C:\Users\David J Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkpjkniknhaojcebeaallaglkmhlcno [2015-12-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David J Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-14]
CHR Extension: (Buffer) - C:\Users\David J Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2015-11-27]
CHR Extension: (Gmail) - C:\Users\David J Palmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-09-30] (Synaptics Incorporated)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [316128 2014-12-23] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4332720 2015-11-02] (Qualcomm Atheros Communications, Inc.)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-11-18] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-09-30] (Intel Corporation)
S3 NPF; C:\Windows\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 RimVSerPort; C:\Windows\System32\drivers\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [42184 2015-09-30] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-09-30] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2015-12-28] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-08 11:48 - 2016-01-11 08:42 - 00018391 _____ C:\Users\David J Palmer\Downloads\FRST.txt
2016-01-08 11:47 - 2016-01-08 11:48 - 02370560 _____ (Farbar) C:\Users\David J Palmer\Downloads\FRST64.exe
2016-01-08 10:59 - 2016-01-08 11:03 - 00002854 _____ C:\Users\David J Palmer\Desktop\Rkill.txt
2016-01-08 10:22 - 2016-01-08 10:22 - 00000000 ____D C:\Users\David J Palmer\AppData\Roaming\SUPERAntiSpyware.com
2016-01-08 10:21 - 2016-01-08 10:22 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-01-08 10:21 - 2016-01-08 10:21 - 00001860 _____ C:\Users\David J Palmer\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-01-08 10:21 - 2016-01-08 10:21 - 00000000 ____D C:\Users\David J Palmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-01-08 10:21 - 2016-01-08 10:21 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-01-08 10:19 - 2016-01-08 10:20 - 24377856 _____ (SUPERAntiSpyware) C:\Users\David J Palmer\Downloads\SUPERAntiSpyware.exe
2016-01-08 08:27 - 2016-01-08 08:27 - 01749504 _____ C:\Users\David J Palmer\Downloads\AdwCleaner.exe
2016-01-07 10:11 - 2016-01-07 10:11 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\David J Palmer\Downloads\rkill (1).exe
2016-01-07 10:05 - 2016-01-07 10:05 - 01599336 _____ (Malwarebytes) C:\Users\David J Palmer\Downloads\JRT (1).exe
2016-01-04 11:05 - 2016-01-04 11:05 - 00561500 _____ C:\Users\David J Palmer\Downloads\vision21-1587402168.pdf
2015-12-28 20:12 - 2015-12-28 20:12 - 00000000 ____D C:\Users\Nadia\AppData\Roaming\Sun
2015-12-28 20:12 - 2015-12-28 20:12 - 00000000 ____D C:\Users\Nadia\AppData\LocalLow\Sun
2015-12-28 20:11 - 2015-12-28 20:12 - 00000000 ____D C:\ProgramData\Oracle
2015-12-28 20:11 - 2015-12-28 20:11 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-12-28 20:11 - 2015-12-28 20:11 - 00000000 ____D C:\Users\Nadia\.oracle_jre_usage
2015-12-28 20:11 - 2015-12-28 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-28 20:11 - 2015-12-28 20:11 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-28 20:09 - 2015-12-28 20:09 - 00584288 _____ (Oracle Corporation) C:\Users\Nadia\Downloads\JavaSetup8u66.exe
2015-12-28 20:09 - 2015-12-28 20:09 - 00000000 ____D C:\Users\Nadia\AppData\LocalLow\Oracle
2015-12-28 19:21 - 2015-12-28 19:23 - 00003252 _____ C:\Users\Nadia\Desktop\Rkill.txt
2015-12-28 19:12 - 2015-12-28 19:13 - 00255236 _____ C:\TDSSKiller.3.1.0.9_28.12.2015_19.12.07_log.txt
2015-12-28 18:50 - 2015-12-28 18:50 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-12-28 18:49 - 2015-12-28 20:04 - 00156966 _____ C:\WINDOWS\ntbtlog.txt
2015-12-28 18:44 - 2015-12-28 18:44 - 00000000 ____D C:\Users\Nadia\Doctor Web
2015-12-28 18:41 - 2015-12-28 18:43 - 179917560 _____ C:\Users\Nadia\Desktop\0xys9xaf.exe
2015-12-28 18:38 - 2015-12-28 18:38 - 00000554 _____ C:\Users\Nadia\Desktop\JRT.txt
2015-12-28 18:35 - 2015-12-28 18:35 - 01599336 _____ (Malwarebytes) C:\Users\Nadia\Downloads\JRT (1).exe
2015-12-28 18:18 - 2015-12-28 18:19 - 01599336 _____ (Malwarebytes) C:\Users\Nadia\Downloads\JRT.exe
2015-12-28 18:14 - 2016-01-08 08:27 - 00000000 ____D C:\AdwCleaner
2015-12-28 18:13 - 2015-12-28 18:13 - 01743360 _____ C:\Users\Nadia\Downloads\AdwCleaner.exe
2015-12-28 18:04 - 2015-12-28 18:05 - 00037472 _____ C:\Users\Nadia\Downloads\Addition.txt
2015-12-28 18:03 - 2015-12-28 18:05 - 00057623 _____ C:\Users\Nadia\Downloads\FRST.txt
2015-12-28 18:01 - 2016-01-11 08:42 - 00000000 ____D C:\FRST
2015-12-28 18:01 - 2015-12-28 18:01 - 02370560 _____ (Farbar) C:\Users\Nadia\Downloads\FRST64.exe
2015-12-28 17:33 - 2015-12-06 23:03 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-28 17:33 - 2015-12-06 22:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-28 17:33 - 2015-12-06 22:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-28 17:32 - 2015-12-06 23:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-28 17:32 - 2015-12-06 23:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-28 17:32 - 2015-12-06 23:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-28 17:32 - 2015-12-06 23:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-28 17:32 - 2015-12-06 23:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-28 17:32 - 2015-12-06 23:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-28 17:32 - 2015-12-06 23:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-28 17:32 - 2015-12-06 23:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-28 17:32 - 2015-12-06 23:47 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-28 17:32 - 2015-12-06 23:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-28 17:32 - 2015-12-06 23:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-28 17:32 - 2015-12-06 23:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-28 17:32 - 2015-12-06 23:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-28 17:32 - 2015-12-06 23:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-28 17:32 - 2015-12-06 23:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-28 17:32 - 2015-12-06 23:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-28 17:32 - 2015-12-06 23:07 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-28 17:32 - 2015-12-06 23:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-28 17:32 - 2015-12-06 23:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-28 17:32 - 2015-12-06 23:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-28 17:32 - 2015-12-06 23:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-28 17:32 - 2015-12-06 23:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-28 17:32 - 2015-12-06 23:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-28 17:32 - 2015-12-06 23:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-28 17:32 - 2015-12-06 23:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-28 17:32 - 2015-12-06 23:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-28 17:32 - 2015-12-06 23:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-28 17:32 - 2015-12-06 23:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-28 17:32 - 2015-12-06 23:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-28 17:32 - 2015-12-06 23:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-28 17:32 - 2015-12-06 23:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-28 17:32 - 2015-12-06 22:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-28 17:32 - 2015-12-06 22:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-28 17:32 - 2015-12-06 22:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-28 17:32 - 2015-12-06 22:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-28 17:32 - 2015-12-06 22:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-28 17:32 - 2015-12-06 22:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-28 17:32 - 2015-12-06 22:57 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2015-12-28 17:32 - 2015-12-06 22:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-28 17:32 - 2015-12-06 22:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-28 17:32 - 2015-12-06 22:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-28 17:32 - 2015-12-06 22:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-28 17:32 - 2015-12-06 22:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-28 17:32 - 2015-12-06 22:54 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-28 17:32 - 2015-12-06 22:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-28 17:32 - 2015-12-06 22:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-28 17:32 - 2015-12-06 22:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-28 17:32 - 2015-12-06 22:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-28 17:32 - 2015-12-06 22:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-28 17:32 - 2015-12-06 22:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-12-28 17:32 - 2015-12-06 22:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-28 17:32 - 2015-12-06 22:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-28 17:32 - 2015-12-06 22:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-28 17:32 - 2015-12-06 22:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-28 17:32 - 2015-12-06 22:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-28 17:32 - 2015-12-06 22:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-28 17:32 - 2015-12-06 22:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-28 17:32 - 2015-12-06 22:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-28 17:32 - 2015-12-06 22:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-28 17:32 - 2015-12-06 22:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-28 17:32 - 2015-12-06 22:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-28 17:32 - 2015-12-06 22:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-28 17:32 - 2015-12-06 22:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-28 17:32 - 2015-12-06 22:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-28 17:31 - 2015-12-06 23:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-28 17:31 - 2015-12-06 23:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-28 17:31 - 2015-12-06 23:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-28 17:31 - 2015-12-06 23:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-28 17:31 - 2015-12-06 23:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-28 17:31 - 2015-12-06 22:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-28 17:31 - 2015-12-06 22:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-28 13:07 - 2015-12-28 13:07 - 00000000 ____D C:\Program Files (x86)\ESET
2015-12-28 13:04 - 2015-12-28 13:04 - 00000000 ____D C:\Users\Nadia\AppData\Roaming\Macromedia
2015-12-28 12:57 - 2015-12-28 20:15 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5B3095DF-304C-40FA-8B7E-DB6D8DF0553A}
2015-12-28 12:57 - 2015-12-28 12:57 - 00102400 _____ C:\Users\Nadia\Documents\EasyBCD Backup (2015-12-28).bcd
2015-12-28 12:43 - 2015-12-28 12:43 - 00000000 ____D C:\Users\Nadia\AppData\Local\PeerDistRepub
2015-12-28 12:19 - 2015-12-28 12:19 - 00079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\dvqpqbkh.sys
2015-12-28 11:59 - 2015-12-28 17:54 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-28 11:36 - 2014-05-24 19:36 - 00015360 _____ C:\WINDOWS\system32\SppExtComObjHook.dll
2015-12-28 11:36 - 2014-05-24 19:36 - 00004608 _____ C:\WINDOWS\system32\SppExtComObjPatcher.exe
2015-12-28 11:29 - 2015-12-28 11:32 - 00262718 _____ C:\TDSSKiller.3.1.0.9_28.12.2015_11.29.48_log.txt
2015-12-28 11:28 - 2015-12-28 11:28 - 00000364 _____ C:\TDSSKiller.3.1.0.5_28.12.2015_11.28.00_log.txt
2015-12-28 11:25 - 2016-01-08 15:34 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-12-28 11:25 - 2015-12-28 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-12-28 11:25 - 2015-12-28 11:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-12-28 11:08 - 2015-12-28 19:29 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-28 11:08 - 2015-12-28 11:08 - 00001186 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-28 11:08 - 2015-12-28 11:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-28 11:08 - 2015-12-28 11:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-28 11:08 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-28 11:08 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-28 10:54 - 2015-12-28 13:02 - 00000000 ____D C:\Users\Nadia\AppData\Local\CrashDumps
2015-12-18 10:18 - 2015-12-18 10:19 - 00252852 _____ C:\TDSSKiller.3.1.0.5_18.12.2015_10.18.37_log.txt
2015-12-17 11:13 - 2015-12-17 11:13 - 00000000 ___RD C:\Users\David J Palmer\Documents\RocketLifeNetwork
2015-12-17 11:11 - 2016-01-11 08:25 - 00000482 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2015-12-17 11:11 - 2015-12-17 11:13 - 00003576 _____ C:\WINDOWS\System32\Tasks\HP Photo Creations Communicator
2015-12-17 11:11 - 2015-12-17 11:13 - 00002048 _____ C:\Users\David J Palmer\Desktop\HP Photo Creations.lnk
2015-12-17 11:11 - 2015-12-17 11:13 - 00000000 ____D C:\Users\David J Palmer\AppData\Roaming\Visan
2015-12-17 11:11 - 2015-12-17 11:13 - 00000000 ____D C:\Users\David J Palmer\AppData\Roaming\HP Photo Creations
2015-12-17 11:11 - 2015-12-17 11:11 - 00000000 ____D C:\Users\David J Palmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2015-12-14 09:01 - 2015-12-14 09:01 - 00001833 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-12-14 09:01 - 2015-12-14 09:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-12-14 09:00 - 2015-12-14 09:01 - 00000000 ____D C:\Program Files\iTunes
2015-12-14 09:00 - 2015-12-14 09:00 - 00000000 ____D C:\Program Files\iPod
2015-12-14 09:00 - 2015-12-14 09:00 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-12-14 08:52 - 2015-12-14 08:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-12-14 08:51 - 2015-12-14 08:51 - 00001925 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-12-14 08:51 - 2015-12-14 08:51 - 00000000 ____D C:\Users\David J Palmer\AppData\LocalLow\Apple Computer
2015-12-14 08:51 - 2015-12-14 08:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-12-14 08:51 - 2015-12-14 08:51 - 00000000 ____D C:\Program Files (x86)\QuickTime

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-11 08:40 - 2015-10-07 09:35 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-11 08:36 - 2015-10-08 10:08 - 00004180 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{297ABD72-3527-4B29-B5F6-FBF5D2C1CCCD}
2016-01-11 08:34 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-11 08:34 - 2015-10-14 12:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-01-11 08:22 - 2015-10-14 20:08 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-08 15:21 - 2015-10-14 20:08 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-08 14:33 - 2015-10-07 14:16 - 00000000 ____D C:\Users\David J Palmer\AppData\Local\Packages
2016-01-08 14:07 - 2015-10-17 18:04 - 00000000 ____D C:\Users\David J Palmer\AppData\Local\CrashDumps
2016-01-08 12:50 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-08 11:52 - 2015-10-30 01:28 - 00000000 ____D C:\Windows
2016-01-08 10:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-08 10:04 - 2015-10-14 13:02 - 00000000 ____D C:\ProgramData\KMSAutoS
2016-01-08 08:21 - 2015-10-01 15:03 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2016-01-08 08:20 - 2015-11-27 16:20 - 00000000 ____D C:\Users\David J Palmer
2016-01-08 08:19 - 2015-11-27 16:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-08 08:19 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-01-08 08:18 - 2015-10-30 01:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-01-07 10:08 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-07 10:07 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-02 20:40 - 2015-10-30 02:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 20:40 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-28 21:13 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-28 21:13 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-28 21:13 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2015-12-28 21:12 - 2015-11-27 16:20 - 00000000 ____D C:\Users\Nadia
2015-12-28 20:14 - 2015-12-01 14:34 - 00000000 ____D C:\Users\Nadia\AppData\Local\Google
2015-12-28 20:04 - 2015-10-07 09:35 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-28 19:13 - 2015-10-07 07:13 - 00030848 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-12-28 17:24 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2015-12-28 17:24 - 2015-10-01 14:29 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-28 13:03 - 2015-12-01 10:19 - 00000000 ____D C:\ProgramData\Skype
2015-12-28 12:50 - 2015-10-06 16:00 - 00000000 ____D C:\Users\Nadia\AppData\Local\MicrosoftEdge
2015-12-28 12:19 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-12-28 11:29 - 2015-12-11 22:50 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Nadia\Downloads\TDSSKiller.exe
2015-12-28 11:18 - 2014-09-05 21:18 - 00000000 ____D C:\Bleeping Computer
2015-12-28 11:03 - 2015-10-01 21:25 - 00000000 ____D C:\Users\Nadia\AppData\Roaming\Apple Computer
2015-12-28 10:51 - 2015-10-01 21:26 - 00002378 _____ C:\Users\Nadia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-28 10:51 - 2014-12-17 17:20 - 00000000 __RDO C:\Users\Nadia\OneDrive
2015-12-18 10:27 - 2015-10-14 14:09 - 00000000 ____D C:\Users\David J Palmer\AppData\Local\Apple Computer
2015-12-17 16:59 - 2015-11-09 11:57 - 00000000 ___RD C:\Users\David J Palmer\iCloudDrive
2015-12-17 16:58 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-17 11:51 - 2015-10-14 13:20 - 00001129 _____ C:\Users\David J Palmer\Desktop\WD My Cloud.lnk
2015-12-17 11:30 - 2015-10-14 20:09 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-17 11:10 - 2015-10-20 14:59 - 00000000 ____D C:\ProgramData\HP Photo Creations
2015-12-16 09:40 - 2015-12-02 22:27 - 00000000 ____D C:\Users\David J Palmer\AppData\Local\Windows Live
2015-12-14 09:00 - 2015-10-14 14:05 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-12 03:35 - 2015-11-27 16:11 - 00334416 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-12 03:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe

==================== Files in the root of some directories =======

2015-10-20 14:58 - 2015-10-20 14:58 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\David J Palmer\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Nadia\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Nadia\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-07 11:18

==================== End of FRST.txt ============================

Ran by David J Palmer (2016-01-11 08:43:16)
Running from C:\Users\David J Palmer\Downloads
Windows 10 Pro (X64) (2015-11-27 21:49:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3077098461-1490948580-1842899254-500 - Administrator - Disabled)
avaol (S-1-5-21-3077098461-1490948580-1842899254-1012 - Limited - Disabled)
David (S-1-5-21-3077098461-1490948580-1842899254-1001 - Administrator - Enabled) => C:\Users\David
David J Palmer (S-1-5-21-3077098461-1490948580-1842899254-1010 - Administrator - Enabled) => C:\Users\David J Palmer
DefaultAccount (S-1-5-21-3077098461-1490948580-1842899254-503 - Limited - Disabled)
Guest (S-1-5-21-3077098461-1490948580-1842899254-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3077098461-1490948580-1842899254-1006 - Limited - Enabled)
Nadia (S-1-5-21-3077098461-1490948580-1842899254-1004 - Administrator - Enabled) => C:\Users\Nadia

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photo Creations (HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\HP Photo Creations) (Version: 1.0.0.19522 - HP)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.81 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Exploit version 1.8.1.1045 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1045 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NETGEAR WNDA3100v2 wireless USB 2.0 driver (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.2.0.6 - NETGEAR)
NETGEAR WNDA3100v3 (x32 Version: 1.0.0.10 - NETGEAR) Hidden
NETGEAR WNDA3100v3 Genie (HKLM-x32\...\InstallShield_{60C50FCC-545B-4D5D-B0D1-4A773143BCE7}) (Version: 1.0.0.10 - NETGEAR)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
WD My Cloud (HKLM-x32\...\WD My Cloud) (Version: 1.0.2.34 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{5B1CF5E0-D321-4766-AEF1-1E9D1C535A10}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{02FD1EAD-43B8-4D63-AC31-8921005AF2E2}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{979a4332-3eb0-4561-9f74-a4fb871cf2bd}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3077098461-1490948580-1842899254-1004_classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Nadia\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3077098461-1490948580-1842899254-1010_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\David J Palmer\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {1F5C77A5-E59A-4948-A8A6-693846B8F77B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-14] (Google Inc.)
Task: {1FE4E819-D86D-4E61-B659-9A6FB91FCE24} - System32\Tasks\HP Photo Creations Communicator => C:\Users\David J Palmer\AppData\Roaming\HP Photo Creations\Communicator.exe [2015-12-17] ()
Task: {478C8425-FBB9-46D4-9E31-A76DA521F030} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {77BF193F-E72F-4D65-ACDC-6283956AAD2C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
Task: {83CA283C-F578-427E-8A39-AB3B21C08129} - System32\Tasks\Western Digital\SmartWare\____Volume_4d76da9e_3d3b_11e4_be66_806e6f6e6963__uuid_73656761_7465_7375_636b_0090a9b87d59_SmartWare_ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-07-20] (Western Digital Technologies, Inc.)
Task: {B8C9477F-AC29-455C-BD00-A2FB3FB1B314} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3077098461-1490948580-1842899254-1001
Task: {C2F4BF32-CF46-4279-9FFF-F9CC6C78C89E} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-08-10] (MSFree Inc.)
Task: {C64585B1-8B25-48C1-89EB-C5212816C3F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-14] (Google Inc.)
Task: {FD24BF9A-9EBA-459B-B76D-6F14BDFE4E26} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\Users\David J Palmer\AppData\Roaming\HP Photo Creations\Communicator.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-02 12:06 - 2014-12-23 19:15 - 00316128 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2015-12-02 20:41 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-02 20:41 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-17 08:38 - 2015-12-17 08:39 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-28 17:31 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-28 17:31 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-28 17:32 - 2015-12-06 22:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-28 17:32 - 2015-12-06 22:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-28 17:32 - 2015-12-06 22:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-28 17:32 - 2015-12-06 22:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-12-10 23:06 - 2015-12-10 23:06 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-10 23:06 - 2015-12-10 23:06 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-19 12:08 - 2015-11-19 12:08 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-12-17 08:29 - 2015-12-17 08:30 - 09737216 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.25.5.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2015-12-17 08:29 - 2015-12-17 08:30 - 02416640 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.25.5.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2015-11-02 12:06 - 2015-03-05 18:22 - 00380928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2015-12-17 08:38 - 2015-12-17 08:39 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-17 08:38 - 2015-12-17 08:39 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-17 11:29 - 2015-12-10 22:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-17 11:29 - 2015-12-10 22:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2015-10-13 04:46 - 2015-10-13 04:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-01 17:42 - 2015-10-01 17:38 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3077098461-1490948580-1842899254-1004\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "IntelliPoint"
HKLM\...\StartupApproved\Run32: => "WNDA3100v3"
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-3077098461-1490948580-1842899254-1010\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{12349567-908D-4B54-8DAE-2B5483F7254A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F33EEDB9-3C72-4F8A-B7B7-5152749E0F9F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B41229A6-2F19-4AE5-890B-75114C104A60}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2266742A-B04F-4C3A-BE8D-F80933A5369B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CEF9FE7F-0845-4A88-B891-F49AAAEC6153}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{F354FEAB-670D-40F7-B684-5CA119A2257F}] => (Allow) LPort=5357
FirewallRules: [{596D7070-1633-46B0-897D-44B93CE8154F}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{761D9D91-95C7-47C5-8FFA-45D86F17F0C0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FB669B07-6743-44DD-B6F0-F0D097654659}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CAC8E332-B99E-46EF-ACCA-05E028D2600D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CE2107E3-371E-4E96-BDF8-79C6AC9FBC8D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E80537EC-F6C3-45E7-B358-9D4AA9E1687A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{B4B1E7DF-112D-4241-A059-D6DDB3CAB466}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{A150C99A-158F-44F2-8D6B-861D9C44AC56}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{EE991093-5990-4C17-8317-974C044E157A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{B10EE254-4DDA-4CDB-97C0-4EFB0AFB7428}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsSlideShow.exe
FirewallRules: [{B3DA6AAC-7C0F-4332-9267-B40C9B636409}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsSlideShow.exe
FirewallRules: [{C1D1925E-6E3A-41F4-96DF-336717E3E75C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsSlideShow.exe
FirewallRules: [{2C602084-6343-4131-8804-B45D783B1F71}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsSlideShow.exe
FirewallRules: [{4F1AA931-208F-4C3E-ACCC-557BECBDAF73}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe
FirewallRules: [{D54C206C-DDFC-40E7-8F57-AB5F7F24E7F9}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe
FirewallRules: [{50FAFE63-6463-4E84-862F-A0CA0F7D2465}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe
FirewallRules: [{13389FD2-05F8-4C0A-8123-6959ED3CEF1E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe
FirewallRules: [{99D474A0-1AD4-49AB-BD67-A08284556447}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
FirewallRules: [{76AC66B9-197B-4850-8580-5D7F6AAAE741}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
FirewallRules: [{6908CE95-7ABF-4CB2-8307-34DA72B8432B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
FirewallRules: [{31A50970-7968-4127-A84A-F6A83ACC2FD8}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
FirewallRules: [{1A8C1003-E566-4A1E-8043-C1F507A8B284}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
FirewallRules: [{FE01D9BC-B437-4533-A2CB-A761D7217468}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
FirewallRules: [{13C893E6-FAA3-4F5B-842A-7AE469307756}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
FirewallRules: [{A7563588-A7B0-4C59-840F-44E3BA8D90D8}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
FirewallRules: [{B7660C12-F6A2-4657-9B4F-605C284DCD8C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
FirewallRules: [{FD7353E8-1117-4A24-B48F-FF7F1DD961D5}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
FirewallRules: [{93BB0E97-47AF-4C64-9F9A-BFD856CDB540}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
FirewallRules: [{D2EEDE50-299C-4997-A2D8-408F2618A907}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
FirewallRules: [{99EFB491-866A-4381-AA41-16FF782D2A19}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
FirewallRules: [{029ED816-5652-4614-9055-3ED39502D25E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
FirewallRules: [{1634F2FA-536A-46DA-913D-CAAEAA2A93B7}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
FirewallRules: [{A2172E62-4EC0-41E0-B07F-6D4A8A240B70}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
FirewallRules: [{A3F17E8F-B4BC-4B62-BECB-3335A50BC138}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleOutlookDAVConfig.exe
FirewallRules: [{B587558C-2935-43E8-89BA-0CFDEE97BE45}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleOutlookDAVConfig.exe
FirewallRules: [{BA111F67-903C-4DD1-B5B6-47C376AFD9C4}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleOutlookDAVConfig.exe
FirewallRules: [{447CE6DE-3E85-42EC-8ADD-0DF9357A25C5}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleOutlookDAVConfig.exe
FirewallRules: [{807A6173-3BA7-4D41-BCB5-859EE39C2246}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
FirewallRules: [{3B967E66-9381-47DC-B262-B43CDD70FC59}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
FirewallRules: [{1892C3D8-FD68-4497-9EDD-184EC6B25457}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
FirewallRules: [{FCABF5F9-8358-42D9-A5A6-A5015B230732}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
FirewallRules: [{4260CA3F-CD8D-43C6-9D6C-07BFD9E5F30A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe
FirewallRules: [{18CDBDB9-BCE9-4435-A82E-B4A1941AC913}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe
FirewallRules: [{2D174E28-F765-4B3B-BEF9-1327FD41CA08}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe
FirewallRules: [{94BFA386-E97B-4A27-A98E-FD68BF57351E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe
FirewallRules: [{10EA44B2-1DA1-45D4-9C0C-BABBBADAE621}] => (Allow) C:\Program Files\Common Files\Apple\Internet Services\AppleOutlookDAVConfig64.exe
FirewallRules: [{CF2D0BB9-E2E1-4941-B62B-A6CF665904C2}] => (Allow) C:\Program Files\Common Files\Apple\Internet Services\AppleOutlookDAVConfig64.exe
FirewallRules: [{5E854FA4-8D06-4C4E-82C6-6154CE85F4E6}] => (Allow) C:\Program Files\Common Files\Apple\Internet Services\AppleOutlookDAVConfig64.exe
FirewallRules: [{81B870F6-488C-4EDD-B628-32EA1617B5F0}] => (Allow) C:\Program Files\Common Files\Apple\Internet Services\AppleOutlookDAVConfig64.exe
FirewallRules: [{9E6499CA-8ECB-46F6-A212-5DA7E17CA607}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CF310729-E931-4B90-A41A-C35664146319}] => (Allow) LPort=2869
FirewallRules: [{1B5A89A7-65A8-4588-8DEA-154F8242D341}] => (Allow) LPort=1900
FirewallRules: [{4981335F-21B1-4A40-9B1C-D04A2248C455}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{1019F539-885F-49ED-A07E-94BE964A5B42}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6D0D2AC0-C0F1-4485-B91D-BF7BB0BC104D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E2AF232F-C2B0-488E-856C-695841493D04}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8FBE5BBE-38F8-4CB4-8054-DE874E779609}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe

==================== Restore Points =========================

10-11-2015 23:11:19 Snagit 12
28-12-2015 12:59:38 Removed Skype Click to Call
28-12-2015 18:35:42 JRT Pre-Junkware Removal
07-01-2016 10:05:31 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/08/2016 03:53:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1187

Error: (01/08/2016 03:53:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1187

Error: (01/08/2016 03:53:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/08/2016 02:07:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WhatsNew.Store.exe, version: 1.0.0.0, time stamp: 0x563bf1a5
Faulting module name: twinapi.appcore.dll, version: 10.0.10586.0, time stamp: 0x5632d2f5
Exception code: 0xc000027b
Fault offset: 0x000000000004b199
Faulting process id: 0xd60
Faulting application start time: 0xWhatsNew.Store.exe0
Faulting application path: WhatsNew.Store.exe1
Faulting module path: WhatsNew.Store.exe2
Report Id: WhatsNew.Store.exe3
Faulting package full name: WhatsNew.Store.exe4
Faulting package-relative application ID: WhatsNew.Store.exe5

Error: (01/08/2016 08:20:54 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (01/08/2016 08:20:51 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (01/08/2016 08:11:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 59214031

Error: (01/08/2016 08:11:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 59214031

Error: (01/08/2016 08:11:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/08/2016 08:11:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 59211766


System errors:
=============
Error: (01/11/2016 08:32:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/11/2016 08:18:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/11/2016 08:13:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/08/2016 03:53:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/08/2016 03:07:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/08/2016 01:12:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/08/2016 10:03:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The KMSEmulator service failed to start due to the following error:
%%1053

Error: (01/08/2016 10:03:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the KMSEmulator service to connect.

Error: (01/08/2016 10:02:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The KMSEmulator service failed to start due to the following error:
%%1053

Error: (01/08/2016 10:02:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the KMSEmulator service to connect.


CodeIntegrity:
===================================
Date: 2016-01-11 08:41:40.709
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-11 08:41:40.698
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-08 14:14:49.872
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-08 11:50:59.461
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-08 11:50:59.450
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-08 08:37:58.191
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-08 08:37:58.180
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-08 08:30:02.599
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-08 08:30:02.460
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-04 11:17:38.689
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 56%
Total physical RAM: 6044.36 MB
Available physical RAM: 2647.72 MB
Total Virtual: 7004.36 MB
Available Virtual: 3221.25 MB

==================== Drives ================================

Drive c: (S3A9767D001) (Fixed) (Total:262.87 GB) (Free:30.52 GB) NTFS
Drive d: (Video) (Fixed) (Total:200.92 GB) (Free:30.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A5DC0937)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=262.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=510 MB) - (Type=27)
Partition 4: (Not Active) - (Size=200.9 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================


Edited by Oh My!, 11 January 2016 - 04:54 PM.


#4 Oh My!


    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,147 posts
  • Gender:Male
  • Location:California
  • Local time:07:19 PM

Posted 11 January 2016 - 05:22 PM

Thanks for the information.

Can you provide me with any additional information from the Malwarebytes log regarding Riskware.Istealer?

Please rerun RogueKiller and post the log.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
URLSearchHook: [S-1-5-21-3077098461-1490948580-1842899254-1001_classes] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-3077098461-1490948580-1842899254-1004_classes] ATTENTION => Default URLSearchHook is missing
2016-01-08 10:04 - 2015-10-14 13:02 - 00000000 ____D C:\ProgramData\KMSAutoS
Task: {C2F4BF32-CF46-4279-9FFF-F9CC6C78C89E} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-08-10] (MSFree Inc.)
File: C:\Windows\Temp\ose00000.exe

  • Launch FRST and press the Fix button just once and wait; the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Malwarebytes information?
  • RogueKiller report
  • Fixlog
  • FSS log
  • Result log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

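Gary asks above for more detail from the Malwarebytes log about Riskware.Istealer. Malwarebytes 2.x keeps its protection log as XML, one <record> element per event, and the Detection records carry the file path, the file hash, the action taken and the threat name. The Python parser below is an added example for readers of this thread, not code from either poster and not part of Malwarebytes; the log it reads is constructed in the same record layout, with made-up host name, tag ids, hashes, paths and threat names. It pulls out the Detection records and flags any hash that is quarantined repeatedly at the same path, which is the pattern to look for when a quarantined file "never actually is removed": something else on the machine is writing it back, so quarantining the file alone cannot end it.

```python
"""Pull detection events out of a Malwarebytes 2.x protection log (XML)."""
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the Malwarebytes protection log: one
# <record> per event, attribute set depending on "type". Host name, tag ids,
# hashes, paths and threat names are made up for this example.
SAMPLE_LOG = r"""<?xml version="1.0" encoding="UTF-8"?>
<logs>
<record last_modified_tag="11111111-1111-1111-1111-111111111111" systemname="EXAMPLE-PC" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T08:20:56.852476-05:00" LoggingEventType="2" severity="debug" subtype="Malware Protection" result="Started"/>
<record message="" last_modified_tag="22222222-2222-2222-2222-222222222222" systemname="EXAMPLE-PC" username="SYSTEM" type="Detection" source="Protection" datetime="2016-01-08T10:01:43.787407-05:00" LoggingEventType="0" severity="debug" subtype="Malware Protection" malwaretype="File" hash="00112233445566778899aabbccddeeff" filename="C:\ProgramData\ExampleTool\bin\helper.exe" action="Quarantine" vendor="RiskWare.Example"/>
<record message="" last_modified_tag="33333333-3333-3333-3333-333333333333" systemname="EXAMPLE-PC" username="SYSTEM" type="Detection" source="Protection" datetime="2016-01-08T10:02:16.826964-05:00" LoggingEventType="0" severity="debug" subtype="Malware Protection" malwaretype="File" hash="00112233445566778899aabbccddeeff" filename="C:\ProgramData\ExampleTool\bin\helper.exe" action="Quarantine" vendor="RiskWare.Example"/>
<record message="" last_modified_tag="44444444-4444-4444-4444-444444444444" systemname="EXAMPLE-PC" username="SYSTEM" type="Detection" source="Protection" datetime="2016-01-08T10:03:19.031607-05:00" LoggingEventType="0" severity="debug" subtype="Malware Protection" malwaretype="File" hash="00112233445566778899aabbccddeeff" filename="C:\ProgramData\ExampleTool\bin\helper.exe" action="Quarantine" vendor="RiskWare.Example"/>
<record last_modified_tag="55555555-5555-5555-5555-555555555555" systemname="EXAMPLE-PC" username="SYSTEM" type="Scan" source="Manual" datetime="2016-01-08T11:06:35.592320-05:00" LoggingEventType="6" severity="debug" scanresult="completed" nonmalwaredetections="0" malwaredetections="0" duration="3774" starttime="2016-01-08T10:03:41-05:00" scantype="threat"/>
<record message="" last_modified_tag="66666666-6666-6666-6666-666666666666" systemname="EXAMPLE-PC" username="SYSTEM" type="Detection" source="Protection" datetime="2016-01-08T12:15:00.000000-05:00" LoggingEventType="0" severity="debug" subtype="Malware Protection" malwaretype="File" hash="ffeeddccbbaa99887766554433221100" filename="C:\Users\Example\Downloads\setup.exe" action="Quarantine" vendor="PUP.Optional.Example"/>
</logs>
"""


def parse_records(xml_text):
    """Return every <record> element as a plain dict of its attributes."""
    root = ET.fromstring(xml_text)
    return [dict(rec.attrib) for rec in root.iter("record")]


def detections(records):
    """Only the real-time Detection events, oldest first.

    The datetime attribute is ISO 8601 with a fixed offset, so sorting the
    strings sorts the events chronologically."""
    dets = [r for r in records if r.get("type") == "Detection"]
    return sorted(dets, key=lambda r: r["datetime"])


def repeat_quarantines(records, min_count=2):
    """Group quarantines by (hash, path) and report those seen min_count or
    more times. The same hash quarantined repeatedly at the same path means
    something on the host (a scheduled task, a service, an installer) keeps
    recreating the file, so the persistence mechanism must be removed too."""
    groups = defaultdict(list)
    for d in detections(records):
        if d.get("action") == "Quarantine":
            groups[(d.get("hash"), d.get("filename"))].append(d["datetime"])
    report = []
    for (file_hash, path), times in groups.items():
        if len(times) < min_count:
            continue
        span = datetime.fromisoformat(times[-1]) - datetime.fromisoformat(times[0])
        report.append({
            "hash": file_hash,
            "path": path,
            "count": len(times),
            "span_seconds": int(span.total_seconds()),
        })
    return sorted(report, key=lambda r: -r["count"])


def scan_summary(records):
    """Completed on-demand scans and their counts. A clean scan alongside
    repeated real-time quarantines means the file was absent when the scan
    ran and came back afterwards."""
    out = []
    for r in records:
        if r.get("type") == "Scan" and r.get("scanresult") == "completed":
            out.append({
                "finished": r["datetime"],
                "type": r.get("scantype"),
                "malware": int(r.get("malwaredetections", "0")),
                "nonmalware": int(r.get("nonmalwaredetections", "0")),
            })
    return out


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    for d in detections(recs):
        print(d["datetime"], d["action"], d["vendor"], d["filename"])
    for r in repeat_quarantines(recs):
        print(f"repeat: {r['count']}x {r['path']} ({r['hash']}) within {r['span_seconds']}s")
    for s in scan_summary(recs):
        print(f"scan {s['type']} finished {s['finished']}: malware={s['malware']}")
```

To use it on a real log, replace SAMPLE_LOG with the contents of the protection log file; the grouping key is (hash, path), so the same file reappearing under a different name still shows up as a repeat only if the hash matches and the path matches, which is the case the thread describes.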
#5 David...

  • Topic Starter

  • Members
  • 111 posts
  • Local time:10:19 PM

Posted 12 January 2016 - 11:06 AM

Good Morning Gary,
 
Thank you again for your time and patience.
Apologies for 'attaching the logs' and not posting.
 
 
#1. Malwarebytes.
 
Protection Log file 2016-01-08
 
<?xml version="1.0" encoding="UTF-8"?>
 
<logs>
 
<record message="Failed" last_modified_tag="d187e345-b419-43c1-8b10-8448bb182d84" code="Unable to access update server" systemname="DAVID-LAPTOP" username="SYSTEM" type="Update" source="Scheduler" datetime="2016-01-08T08:11:27.858358-05:00" LoggingEventType="1" severity="debug"/>
 
<record message="Failed" last_modified_tag="ae8c031b-ce13-481b-92f6-ead3281ced0d" code="No Internet connection detected" systemname="DAVID-LAPTOP" username="SYSTEM" type="Update" source="Scheduler" datetime="2016-01-08T08:11:33.456813-05:00" LoggingEventType="1" severity="debug"/>
 
<record message="Failed" last_modified_tag="5720d69b-a5ac-4c89-a09d-c78690e3e71c" code="No Internet connection detected" systemname="DAVID-LAPTOP" username="SYSTEM" type="Update" source="Scheduler" datetime="2016-01-08T08:11:33.541456-05:00" LoggingEventType="1" severity="debug"/>
 
<record message="Failed" last_modified_tag="8f051c3b-da61-4e87-beca-026f275f9a8d" code="Unable to access update server" systemname="DAVID-LAPTOP" username="SYSTEM" type="Update" source="Scheduler" datetime="2016-01-08T08:14:33.797990-05:00" LoggingEventType="1" severity="debug"/>
 
<record last_modified_tag="38bdf270-6092-44dc-821a-7c635e9f4cca" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T08:20:56.727473-05:00" LoggingEventType="2" severity="debug" subtype="Malware Protection" result="Starting"/>
 
<record last_modified_tag="2787b3cd-805c-4a60-9f89-fcc782a8ca98" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T08:20:56.852476-05:00" LoggingEventType="2" severity="debug" subtype="Malware Protection" result="Started"/>
 
<record last_modified_tag="0f13a077-1ff6-4af2-8e00-60eba30c0eed" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T08:20:56.946231-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Starting"/>
 
<record last_modified_tag="89c2704e-39d1-4155-87c3-47af5607cddb" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T08:20:59.884100-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Started"/>
 
<record last_modified_tag="3e4bdef2-33af-477e-87f7-a6d567037900" systemname="DAVID-LAPTOP" username="SYSTEM" type="Update" source="Scheduler" datetime="2016-01-08T08:39:56.295469-05:00" LoggingEventType="1" severity="debug" toVersion="2016.1.8.1" name="Domain Database" fromVersion="2016.1.7.5"/>
 
<record last_modified_tag="a7853aaa-509f-4566-978a-43e47825b461" systemname="DAVID-LAPTOP" username="SYSTEM" type="Update" source="Scheduler" datetime="2016-01-08T08:40:01.828731-05:00" LoggingEventType="1" severity="debug" toVersion="2016.1.8.3" name="Malware Database" fromVersion="2016.1.7.5"/>
 
<record last_modified_tag="23751204-0f05-4089-8680-2b72ef43a84f" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T08:40:01.844356-05:00" LoggingEventType="2" severity="debug" subtype="Refresh" result="Starting"/>
 
<record last_modified_tag="c8302220-ecce-429f-ac92-92116f46fb64" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T08:40:01.867293-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Stopping"/>
 
<record last_modified_tag="6734af82-2013-4da6-b6ae-aa4d76de40ee" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T08:40:02.161079-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Stopped"/>
 
<record last_modified_tag="3a066d35-8d8e-4239-81b2-7a24cb7b21f6" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T08:40:08.421389-05:00" LoggingEventType="2" severity="debug" subtype="Refresh" result="Success"/>
 
<record last_modified_tag="3202ccfa-0db5-406d-991d-1b286b7ef077" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T08:40:08.441764-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Starting"/>
 
<record last_modified_tag="3711c921-0db0-45a1-bb02-bf55970f05dc" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T08:40:09.648486-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Started"/>
 
<record message="" last_modified_tag="6db8a531-3ba4-4d18-ae0e-cd1c38eda7c9" systemname="DAVID-LAPTOP" username="SYSTEM" type="Detection" source="Protection" datetime="2016-01-08T10:01:43.787407-05:00" LoggingEventType="0" severity="debug" subtype="Malware Protection" malwaretype="File" hash="74bfea4dafea47efeda676bb50b27789" filename="C:\ProgramData\KMSAutoS\bin\KMSSS.exe" action="Quarantine" vendor="RiskWare.IStealer"/>
 
<record message="" last_modified_tag="38ba8c85-b7c0-47c5-8637-80732cee5907" systemname="DAVID-LAPTOP" username="SYSTEM" type="Detection" source="Protection" datetime="2016-01-08T10:02:16.826964-05:00" LoggingEventType="0" severity="debug" subtype="Malware Protection" malwaretype="File" hash="74bfea4dafea47efeda676bb50b27789" filename="C:\ProgramData\KMSAutoS\bin\KMSSS.exe" action="Quarantine" vendor="RiskWare.IStealer"/>
 
<record message="" last_modified_tag="89a494f7-722d-4cd9-b9c3-cb9184bdf3a9" systemname="DAVID-LAPTOP" username="SYSTEM" type="Detection" source="Protection" datetime="2016-01-08T10:03:19.031607-05:00" LoggingEventType="0" severity="debug" subtype="Malware Protection" malwaretype="File" hash="74bfea4dafea47efeda676bb50b27789" filename="C:\ProgramData\KMSAutoS\bin\KMSSS.exe" action="Quarantine" vendor="RiskWare.IStealer"/>
 
<record last_modified_tag="98db3afe-903b-4187-92c8-305e27f140ed" systemname="DAVID-LAPTOP" username="SYSTEM" type="Update" source="Manual" datetime="2016-01-08T10:03:40.698867-05:00" LoggingEventType="1" severity="debug" toVersion="2016.1.8.4" name="Malware Database" fromVersion="2016.1.8.3"/>
 
<record last_modified_tag="b1761288-40dc-4b68-a360-02e705feaeac" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T10:03:40.728897-05:00" LoggingEventType="2" severity="debug" subtype="Refresh" result="Starting"/>
 
<record last_modified_tag="ea56b6ce-91a9-4d2f-b38e-aee51dabcecf" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T10:03:40.744521-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Stopping"/>
 
<record last_modified_tag="3ba8faa5-5068-40c5-aa17-83eac232cc31" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T10:03:41.029701-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Stopped"/>
 
<record last_modified_tag="6334d869-f7b0-4c09-9c15-a4a58a92d77e" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T10:03:48.384310-05:00" LoggingEventType="2" severity="debug" subtype="Refresh" result="Success"/>
 
<record last_modified_tag="a7542f96-3a4d-4bc3-a2ce-fc0574c116c7" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T10:03:49.615082-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Starting"/>
 
<record last_modified_tag="08780729-36ba-4c90-9d47-c784ced07833" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T10:03:51.081084-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Started"/>
 
<record last_modified_tag="8f096f3b-797f-462c-ac6c-33a3735e7e57" systemname="DAVID-LAPTOP" username="SYSTEM" type="Update" source="Scheduler" datetime="2016-01-08T10:31:23.245563-05:00" LoggingEventType="1" severity="debug" toVersion="2016.1.8.1" name="Remediation Database" fromVersion="2016.1.4.1"/>
 
<record last_modified_tag="64816cec-c877-4559-b5af-8fa0503b17bb" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T10:31:23.292446-05:00" LoggingEventType="2" severity="debug" subtype="Refresh" result="Starting"/>
 
<record last_modified_tag="e96be558-86d3-4e40-841c-aa84820a3180" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T10:31:23.308074-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Stopping"/>
 
<record last_modified_tag="316d9f75-3078-4af2-9713-4c90aa780c21" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T10:31:23.542345-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Stopped"/>
 
<record last_modified_tag="b13b7bc3-3220-4758-9fac-cc615655bd22" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T10:31:33.384329-05:00" LoggingEventType="2" severity="debug" subtype="Refresh" result="Success"/>
 
<record last_modified_tag="fd151598-d3bd-4595-969d-bce4a6cceb21" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T10:31:33.406463-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Starting"/>
 
<record last_modified_tag="1bd5bc6f-7340-4dca-ad83-73f60befd849" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T10:31:34.770889-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Started"/>
 
<record last_modified_tag="fcaab2e8-1600-4bc3-84b2-42f78b124ca6" systemname="DAVID-LAPTOP" username="SYSTEM" type="Scan" source="Manual" datetime="2016-01-08T11:06:35.592320-05:00" LoggingEventType="6" severity="debug" scanresult="completed" nonmalwaredetections="0" malwaredetections="0" duration="3774" starttime="2016-01-08T10:03:41-05:00" scantype="threat"/>
 
<record last_modified_tag="afe06343-a884-46dd-b164-ddf422d9f3a5" systemname="DAVID-LAPTOP" username="SYSTEM" type="Update" source="Scheduler" datetime="2016-01-08T11:39:24.024013-05:00" LoggingEventType="1" severity="debug" toVersion="2016.1.8.2" name="Domain Database" fromVersion="2016.1.8.1"/>
 
<record last_modified_tag="6a6ccd3d-9cd6-4135-91be-4ad04734ff34" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T11:39:24.061467-05:00" LoggingEventType="2" severity="debug" subtype="Refresh" result="Starting"/>
 
<record last_modified_tag="e6bbd765-ac38-4a0d-9fd8-67964ea6818e" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T11:39:24.061467-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Stopping"/>
 
<record last_modified_tag="bf53a39b-c87b-422c-8036-5d80cc9ab8d9" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T11:39:24.446918-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Stopped"/>
 
<record last_modified_tag="f11c62f1-5d09-4c31-b444-9b6aaafc3173" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T11:39:31.567870-05:00" LoggingEventType="2" severity="debug" subtype="Refresh" result="Success"/>
 
<record last_modified_tag="cc9a29b6-f7f7-4b9b-88b4-7ed407cf1e46" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T11:39:31.599122-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Starting"/>
 
<record last_modified_tag="c74930ca-6ef4-41a1-a199-e4f3bfa0ba9e" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T11:39:32.870787-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Started"/>
 
<record message="Failed" last_modified_tag="e887d389-7955-4368-8e5b-b24a27c596df" code="No Internet connection detected" systemname="DAVID-LAPTOP" username="SYSTEM" type="Update" source="Scheduler" datetime="2016-01-08T13:34:44.842957-05:00" LoggingEventType="1" severity="debug"/>
 
<record message="Failed" last_modified_tag="852f83b2-4ffe-4e30-9d23-4ea62ff032dc" code="Unable to access update server" systemname="DAVID-LAPTOP" username="SYSTEM" type="Update" source="Scheduler" datetime="2016-01-08T13:37:45.039747-05:00" LoggingEventType="1" severity="debug"/>
 
<record message="Failed" last_modified_tag="2321d6da-bc4a-45b0-88eb-31cf59346a9f" code="No Internet connection detected" systemname="DAVID-LAPTOP" username="SYSTEM" type="Update" source="Manual" datetime="2016-01-08T13:40:07.448286-05:00" LoggingEventType="1" severity="debug"/>
 
<record message="Failed" last_modified_tag="1d241d92-950a-43c3-8bdb-413510916de7" code="No Internet connection detected" systemname="DAVID-LAPTOP" username="SYSTEM" type="Update" source="Manual" datetime="2016-01-08T13:40:19.362419-05:00" LoggingEventType="1" severity="debug"/>
 
<record message="Failed" last_modified_tag="4509cef2-f63d-4ee4-83b0-e4639a31362a" code="No Internet connection detected" systemname="DAVID-LAPTOP" username="SYSTEM" type="Update" source="Manual" datetime="2016-01-08T13:40:20.888821-05:00" LoggingEventType="1" severity="debug"/>
 
<record message="Failed" last_modified_tag="eb73d158-d547-4d01-bc6a-78e58fa2060c" code="No Internet connection detected" systemname="DAVID-LAPTOP" username="SYSTEM" type="Update" source="Manual" datetime="2016-01-08T13:40:23.892016-05:00" LoggingEventType="1" severity="debug"/>
 
<record last_modified_tag="35542844-73a8-4080-bfb2-9235990ef58b" systemname="DAVID-LAPTOP" username="SYSTEM" type="Update" source="Manual" datetime="2016-01-08T13:40:29.128608-05:00" LoggingEventType="1" severity="debug" toVersion="2016.1.8.3" name="Domain Database" fromVersion="2016.1.8.2"/>
 
<record last_modified_tag="36e3e815-9227-4c69-94ea-78047eb2403c" systemname="DAVID-LAPTOP" username="SYSTEM" type="Update" source="Manual" datetime="2016-01-08T13:40:34.799488-05:00" LoggingEventType="1" severity="debug" toVersion="2016.1.8.5" name="Malware Database" fromVersion="2016.1.8.4"/>
 
<record last_modified_tag="c822dc6d-eea2-467d-94f4-7a761e6dd2d2" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T13:40:34.823504-05:00" LoggingEventType="2" severity="debug" subtype="Refresh" result="Starting"/>
 
<record last_modified_tag="8b5087f1-a8a7-46b9-8a9d-15bc35ef88bf" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T13:40:34.839135-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Stopping"/>
 
<record last_modified_tag="90437943-a6d1-4716-8b70-b5f2926dc01e" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T13:40:35.220092-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Stopped"/>
 
<record last_modified_tag="697531f4-5c08-4e88-82d2-7bbb7a5b6978" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T13:40:41.434741-05:00" LoggingEventType="2" severity="debug" subtype="Refresh" result="Success"/>
 
<record last_modified_tag="7d7f60f1-4be8-42b5-ad3b-c3ec0a13b9c4" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T13:40:41.456259-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Starting"/>
 
<record last_modified_tag="4022ad32-8bd9-4167-afca-613be521f653" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T13:40:42.706715-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Started"/>
 
<record last_modified_tag="d327cf62-0a0c-42bd-ab26-0f30cc77422f" systemname="DAVID-LAPTOP" username="SYSTEM" type="Update" source="Scheduler" datetime="2016-01-08T15:35:51.266752-05:00" LoggingEventType="1" severity="debug" toVersion="2016.1.8.4" name="Domain Database" fromVersion="2016.1.8.3"/>
 
<record last_modified_tag="1c249946-c372-424d-8c5c-de600bb97787" systemname="DAVID-LAPTOP" username="SYSTEM" type="Update" source="Scheduler" datetime="2016-01-08T15:35:56.837944-05:00" LoggingEventType="1" severity="debug" toVersion="2016.1.8.6" name="Malware Database" fromVersion="2016.1.8.5"/>
 
<record last_modified_tag="381af0af-f466-4fcc-8d41-2fb42e18b375" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T15:35:56.865860-05:00" LoggingEventType="2" severity="debug" subtype="Refresh" result="Starting"/>
 
<record last_modified_tag="280a5c1e-ed0d-4ff0-af3c-ee8616adf75e" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T15:35:56.875868-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Stopping"/>
 
<record last_modified_tag="072bf220-e744-43da-8f2a-bd6b665295ad" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T15:35:57.266779-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Stopped"/>
 
<record last_modified_tag="be66cdd7-f4f9-4885-b5e0-6c53ba6f252b" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T15:36:03.876996-05:00" LoggingEventType="2" severity="debug" subtype="Refresh" result="Success"/>
 
<record last_modified_tag="75b671df-2255-41d3-8746-0f2998188eea" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T15:36:03.899013-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Starting"/>
 
<record last_modified_tag="af15517f-40e1-41ed-a3d0-6728202d2f4c" systemname="DAVID-LAPTOP" username="SYSTEM" type="Protection" source="Protection" datetime="2016-01-08T15:36:05.548938-05:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Started"/>
 
</logs>
 
 
 
#2. Roguekiller.
 
RogueKiller V11.0.7.0 [Jan 11 2016] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : David [Administrator]
Started from : C:\Users\David\Downloads\RogueKiller (1).exe
Mode : Scan -- Date : 01/12/2016 11:03:22
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5075GSX +++++
--- User ---
[MBR] 8e9608e81ae0effef875b0aab885e369
[BSP] 0b7e036561ae36937226b6f101c7611c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 269179 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 554354688 | Size: 510 MB
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 555399185 | Size: 205746 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
#3. Fixlog.
 
Fix result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Ran by David (2016-01-12 10:37:52) Run:1
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
URLSearchHook: [S-1-5-21-3077098461-1490948580-1842899254-1001_classes] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-3077098461-1490948580-1842899254-1004_classes] ATTENTION => Default URLSearchHook is missing
2016-01-08 10:04 - 2015-10-14 13:02 - 00000000 ____D C:\ProgramData\KMSAutoS
Task: {C2F4BF32-CF46-4279-9FFF-F9CC6C78C89E} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-08-10] (MSFree Inc.)
File: C:\Windows\Temp\ose00000.exe
*****************
 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
Could not restore Default URLSearchHook.
Could not restore Default URLSearchHook.
C:\ProgramData\KMSAutoS => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2F4BF32-CF46-4279-9FFF-F9CC6C78C89E} => key not found. 
C:\WINDOWS\System32\Tasks\KMSAutoNet => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KMSAutoNet => key not found. 
 
========================= File: C:\Windows\Temp\ose00000.exe ========================
 
File is digitally signed
MD5: D21292345D9791CAFF94B960E574E206
Creation and modification date: 2016-01-12 09:44 - 2015-08-16 03:38
Size: 0204360
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: ose
Original Name: ose.exe
Product: Office Source Engine
Description: Office Source Engine
File Version: 16.0.4266.1003
Product Version: 16.0.4266.1003
Copyright: 
 
====== End of File: ======
 
 
#4. FSS Log
 
Farbar Service Scanner Version: 03-01-2016
Ran by David (administrator) on 12-01-2016 at 10:50:31
Running from "C:\Users\David\Desktop"
Microsoft Windows 10 Pro  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
**** End of log ****
 
 
#5. MiniTool Box Log.
 
MiniToolBox by Farbar  Version: 02-11-2015
Ran by David (administrator) on 12-01-2016 at 10:57:45
Running from "C:\Users\David\Desktop"
Microsoft Windows 10 Pro  (X64)
Model: Satellite L840 Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter = Wi-Fi 2 (Connected)
Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30) = Ethernet (Media disconnected)
Qualcomm Atheros AR9485WB-EG Wireless Network Adapter = Wi-Fi (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 7" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 6" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 16" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : David-Laptop
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30)
   Physical Address. . . . . . . . . : 04-7D-7B-D3-63-8B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
   Physical Address. . . . . . . . . : 74-E5-43-0A-9A-84
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 16-E5-43-0A-9A-84
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 6:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter #2
   Physical Address. . . . . . . . . : 56-E5-43-0A-9A-84
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi 2:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter
   Physical Address. . . . . . . . . : 4C-60-DE-F2-C5-10
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, January 12, 2016 10:57:29 AM
   Lease Expires . . . . . . . . . . : Wednesday, January 13, 2016 10:57:34 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{6C2B2513-D100-450B-81D4-82AA8746DAFE}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:3071:3568:9c07:acd3(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::3071:3568:9c07:acd3%10(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 771751936
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-9F-41-03-04-7D-7B-D3-63-8B
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:400b:80a::1009
 74.125.226.132
 74.125.226.133
 74.125.226.134
 74.125.226.137
 74.125.226.136
 74.125.226.128
 74.125.226.135
 74.125.226.131
 74.125.226.130
 74.125.226.142
 74.125.226.129
 
 
Pinging google.com [74.125.226.132] with 32 bytes of data:
Reply from 74.125.226.132: bytes=32 time=148ms TTL=56
Reply from 74.125.226.132: bytes=32 time=39ms TTL=56
 
Ping statistics for 74.125.226.132:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 39ms, Maximum = 148ms, Average = 93ms
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
 2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=112ms TTL=51
Reply from 206.190.36.45: bytes=32 time=135ms TTL=51
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 112ms, Maximum = 135ms, Average = 123ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  8...04 7d 7b d3 63 8b ......Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30)
  9...74 e5 43 0a 9a 84 ......Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
 13...16 e5 43 0a 9a 84 ......Microsoft Wi-Fi Direct Virtual Adapter
 23...56 e5 43 0a 9a 84 ......Microsoft Hosted Network Virtual Adapter #2
 12...4c 60 de f2 c5 10 ......NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.2     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.2    281
      192.168.1.2  255.255.255.255         On-link       192.168.1.2    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.2    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.2    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 10    306 2001::/32                On-link
 10    306 2001:0:5ef5:79fd:3071:3568:9c07:acd3/128
                                    On-link
 10    306 fe80::/64                On-link
 10    306 fe80::3071:3568:9c07:acd3/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
**** End of log ****
 
 
Thank you Gary...


#6 Oh My! (Malware Response Instructor)

Posted 12 January 2016 - 04:59 PM

Thank you David,

That file is related to the Microsoft Office program I asked you to uninstall. Are you still getting the Malwarebytes notification? After running the FRST fix you shouldn't get that anymore.

Please update me on your current symptoms.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 David... (Topic Starter)

Posted 12 January 2016 - 06:40 PM

Sorry Gary,

I misinterpreted what you meant regarding,

"Can you provide me with any additional information from the Malwarebytes log regarding Riskware.Istealer?"

The log file I provided was from Malwarebytes 2016-01-08.

This issue regarding Riskware.Istealer no longer exists.

Symptom #6

Malwarebytes issued a warning yesterday and today.

Detection, 1/11/2016 9:56 AM, SYSTEM, DAVID-LAPTOP, Protection, Malicious Website Protection, Domain, 54.173.20.107, www.redirecttv.com, 50270, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, 

I was worried. So I attempted a SUPERAntiSpyware Scan.

SUPERAntiSpyware Scan Log

Generated 01/12/2016 at 01:59 PM
 
Application Version : 6.0.1210
Database Version : 12318
 
Scan type       : Quick Scan
Total Scan Time : 00:01:35
 
Operating System Information
Windows 10 Professional 64-bit (Build 10.00.10586)
UAC On - Limited User
 
Memory items scanned      : 923
Memory threats detected   : 0
Registry items scanned    : 55678
Registry threats detected : 0
File items scanned        : 8411
File threats detected     : 545

Adware.Tracking Cookie 

The scan performed on Monday found over 900 adware tracking cookies.

I do not surf these types of websites.

Thank you again Gary.



#8 Oh My! (Malware Response Instructor)

Posted 12 January 2016 - 06:58 PM

Do you have other computers connected to the same wireless router, and are they having problems?
Gary
 

#9 David... (Topic Starter)

Posted 12 January 2016 - 07:30 PM

Gary,

This is the only computer I have at this location.

David



#10 Oh My! (Malware Response Instructor)

Posted 12 January 2016 - 08:43 PM

Thanks David. I would like you to factory reset your router. If you need instructions you can either Google your particular router or let me know and I will find the information for you.
Gary
 

#11 Oh My! (Malware Response Instructor)

Posted 15 January 2016 - 10:33 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#12 Oh My! (Malware Response Instructor)

Posted 19 January 2016 - 10:04 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 

#13 Oh My! (Malware Response Instructor)

Posted 19 January 2016 - 02:40 PM

This topic has been re-opened at the request of the person who originally posted.
Gary
 

#14 David... (Topic Starter)

Posted 19 January 2016 - 02:50 PM

Hello Gary,

Thank you again.

#1. I did perform a factory reset of the router.

#2. I also have a modem, and attempted to factory reset this as well - and got stuck.

I am a Rogers customer and they recently sent out some spam email and TXT msg to change login and password of the Modem.

My computer is no longer able to recognize the Ethernet connection - since I am normally a Wifi user.

I never checked this connection after upgrading to Windows 10.

Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30)
The most recent driver found online is only for Windows 8.1

Stupid question...what was the reason for factory resetting the router?

Thank you again Gary.
David


#15 Oh My! (Malware Response Instructor)

Posted 19 January 2016 - 06:14 PM

Hi David,

Not a stupid question at all. Routers can become infected/compromised resulting in the blocked web site symptoms you are having. I am assuming we are still dealing with that issue.

Please do this.

===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Zoek by Smeenk

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected then click Run Script
  • Type 3 in the lower box to Perform only a Deep Scan then click OK
  • Wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed, a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

Launching Chrome Without Plugins or Extensions

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type in chrome --incognito and press Enter
  • Check the browser behavior/blocked web site notifications
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Attached System Summary file
  • Zoek report
  • Are you getting blocked website notifications?
  • Update on general computer behavior

Gary
 